
    Phishing vs. pharming: Which is the real scamdemic?

    By Daya Kannan
    Published on Jan 12, 2023

    COVID-19 has changed the world dramatically over the last three years. The lines between work, family, social interaction, and even entertainment are now blurred, as all of them now happen from home. During the initial onset of the pandemic, the sudden health crisis and subsequent lockdowns fed into a sense of global alarm. This resulted in a sudden increase in the demand for information about the disease.

    The inevitable consequence of a sudden and alarming change is the rise in scammers who take advantage of the fear and uncertainty accompanying it. Keeping in line with this, a report by Interpol early during the pandemic revealed that cybercriminals were increasing their attack efforts at an alarming pace.

    The rise of the scamdemic

    Two of the most common cyberattacks that have increased dramatically during the pandemic are pharming and phishing. Interestingly, both names have been taken from traditional sources of income—farming and fishing—before morphing into a ploy in the cyber context.

    Phishing is a sort of social engineering that tricks individuals into disclosing private information. Cybercriminals typically send a malicious email with a seemingly legitimate source name in order to fool the recipient into clicking on an accompanying infected link. Hackers are then able to access the victim's private data.

    Studies show that over the last year, phishing attacks on organizations jumped from 72% in 2017 to 83% in 2021, leading to what has been dubbed the scamdemic. Phishing scams are delivered via email, SMS (smishing), and voice messaging (vishing) and come in a variety of sophisticated subsets, such as whale phishing (targeting senior executives of an organization for financial gain) and spear-phishing (targeting low or mid-level employees who have access to certain sensitive information).

    Pharming occurs when cybercriminals install malicious code on a user's device or on a server, redirecting them to bogus websites. These bogus websites may appear legitimate at first glance, but they are designed to steal sensitive information such as the user's login information, personal data, and banking information. Thousands of such fraudulent websites were created on a daily basis during the pandemic. Pharming is trickier to spot, because the attacks are at the DNS level. The techniques employed include DNS hijacking, DNS cache poisoning, and DNS spoofing.

    Increased vulnerability to phishing

    The main causes for the increased vulnerability to phishing during the scamdemic include:

    • Working from home: accessing corporate resources through an unsecured network.
    • Lack of awareness: no training or awareness given to employees about possible cybercrime.
    • Unhygienic security practices: using personal devices to access corporate data and other poor security practices such as credential sharing.
    • General sense of alarm: extreme levels of stress and anxiety experienced during the peak of the pandemic.
    • Extremely sophisticated attacks: attacks are now difficult to detect even for the experienced eye. For instance, attackers created ad-hoc messages that resembled government notifications about the pandemic to boost their credibility.

    Notable victims of phishing attacks include users of PayPal, Microsoft, and Netflix as well as a whole host of government and non-government organizations. Ironically, official organizations are not above perpetrating attacks themselves, as evidenced in the Charming Kitten attacks by agencies affiliated with the Iranian government.

    Consequences and financial impact

    The financial impact of the scamdemic has been staggering. The total loss due to cybercrime in the year 2020 alone was nearly $1 trillion. The main losses incurred by organizations were due to:

    • Administrative overhead for incident response, mitigation, and cleanup.
    • Ransomware settlements.
    • Operational outages.
    • Legal costs to deal with the aftermath of data breaches.
    • Customer attrition and subsequent loss of revenue.

    Defenses and countermeasures against the scamdemic

    Because of how many ways phishing is perpetrated and the speed at which attack methods are evolving, defenses and countermeasures must be implemented, not just in traditional forms, but also in new-age methods like machine learning and AI.

    Traditional scam detection includes manually scrutinizing emails, messages, and other forms of communication for abnormalities. Some basic yet effective methods are:

    • Improving user awareness of scam detection: Cybersecurity awareness goes a long way in helping individuals identify and steer clear of phishing attacks.
    • Installing cybersecurity systems: Dedicated cybersecurity systems have regularly updated databases of known threats. Investing in a cybersecurity defense system will significantly enhance protection against cyberattacks.
    • Employing multi-factor authentication (MFA): MFA ensures that credentials, even if stolen by attackers, cannot be used to gain access to employee accounts.
    • Using VPNs: With a VPN in place, hackers can't monitor user traffic or lead users to malicious websites.

    AI can be used to detect scams by:

    • Identifying malicious websites: Typosquatting, cybersquatting, and homograph domain name techniques can be intelligently detected in website URLs.
    • Identifying malicious emails: Email links can be analyzed to identify malicious websites. Email header analysis can also be used to detect spoofing or masquerading attacks.
    • Detecting malicious apps: Both static and dynamic analysis of apps can help detect app repackaging or spoofed app names and logos.
    • Detecting smishing and vishing: Natural language processing techniques can be used to identify commonly used phishing keywords.
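
    The URL checks in the first two bullets can be illustrated with a rule-based baseline whose outputs are the kind of features a trained classifier would consume. This is an added example, not code from the article or from any product it mentions; the watch list, the confusables map, the edit threshold and all sample URLs are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed watch list: brand label -> real domain (brands named in the article).
BRANDS = {"paypal": "paypal.com", "microsoft": "microsoft.com", "netflix": "netflix.com"}
# Tiny Cyrillic-to-Latin map (assumption; real systems use Unicode TR39 data).
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o",
                             "\u0440": "p", "\u0441": "c"})
MAX_EDITS = 1  # typo tolerance; raising it catches more but adds false positives

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def to_unicode(host):
    """Decode punycode (xn--) labels so homographs are compared as Unicode."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA

def classify(url):
    """Return legitimate, homograph, typosquat, cybersquat or unknown."""
    host = to_unicode((urlsplit(url).hostname or "").rstrip("."))
    labels = host.split(".")
    # Naive registered domain = last two labels (assumption: no Public Suffix List).
    if ".".join(labels[-2:]) in BRANDS.values():
        return "legitimate"
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    skeleton = unicodedata.normalize("NFKC", sld).translate(CONFUSABLES)
    for brand in BRANDS:
        if skeleton == brand and not sld.isascii():
            return "homograph"      # renders like the brand, different code points
        if 0 < edit_distance(skeleton, brand) <= MAX_EDITS:
            return "typosquat"      # one edit away from the brand label
    if any(brand in host.translate(CONFUSABLES) for brand in BRANDS):
        return "cybersquat"         # brand embedded in someone else's domain
    return "unknown"

# Constructed samples; .example is a reserved TLD, so the lookalikes do not resolve.
SAMPLES = ["https://www.paypal.com/signin", "http://p\u0430ypal.example/login",
           "http://netfliix.example/", "http://microsoft.com.account-verify.example/"]

def demo():
    return {url: classify(url) for url in SAMPLES}
```

    Calling demo() labels the four samples legitimate, homograph, typosquat and cybersquat in that order; the same classify() function can be run over links extracted from an email body.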

    The way forward

    Though scams are evolving at supersonic speeds, methods of detection and prevention are nowhere near as sophisticated. Modern methods that employ algorithmic machine learning and AI require massive datasets for training and analysis. These datasets are still in the nascent stage. However, progress is being made, as seen by email attack-detection systems such as HOLMES, an anomalous threat detector.

    Another basic yet major countermeasure against cyberattacks is cyber resilience. Focus needs to be given to the system's ability to recover and adapt following an attack, not just resist blows.

    Final words

    The pandemic is not over, and neither is the scamdemic. COVID-19 is becoming a part of life, and so are cyberattacks. In fact, a study by Juniper Research shows that the frequency and level of sophistication of cyberattacks is expected to worsen in coming years. The solutions to combat these highly sophisticated cyberattacks are still in the early stages of development, meaning organizations are still in need of technical and intelligent solutions to detect such attacks.

    The first step towards solving any issue is to analyze the situation thoroughly and learn from the data gathered. Accumulating information and building datasets on the rampant cyberattacks today is critical. Equally important is capitalizing on the lessons learned during this pandemic, as these experiences will play a crucial role in surviving future scamdemics.
