These are variations on a theme, all intended to trick innocent users into unintentionally providing attackers with access to their bank accounts, PayPal, email, personal devices, or other forms of private information that may be misused.
In the face of simpler attacks, we’ve been warned to always visually examine the URL any link leads us to, to make sure we’re on the website we think we are. But attackers have adjusted to this new awareness and have found ways to mislead even very attentive victims, according to Elad Schulman, co-founder and former CEO of Tel Aviv-based cybersecurity firm Segasec Labs Ltd.
In a recent interview with 30 Minutes or Less, a Hebrew-language podcast devoted to the Israeli tech scene, Schulman explained how some hackers create URLs that look legitimate to the naked eye.
“You can go to a website that looks exactly like PayPal’s and even the URL would look correct, but instead of a P in English it would use the same character but in a different language,” Schulman said.
Some have suggested that the way forward would be for companies to buy all variations of their domains, Schulman said, but the number of possible variations is practically endless and the cost to each company would run into several million dollars per year.
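The lookalike-character trick Schulman describes can be checked for mechanically on the defender's side. The following is an added example, not code from the article or from Segasec: a Python check that decodes punycode labels and flags hostnames whose labels mix scripts or reduce to a protected brand name. The confusables table, function names and sample hostnames are constructed for illustration.

```python
import unicodedata

# Constructed subset of Cyrillic/Greek letters that render like Latin ones;
# a production check would load the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0455": "s",
    "\u03bf": "o", "\u03c1": "p",  # Greek omicron, rho
}

def decode_label(label):
    """Return the Unicode form of one DNS label (decodes xn-- punycode)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def script_of(ch):
    """Approximate script: first word of the Unicode character name."""
    if ch.isdigit() or ch == "-":
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def skeleton(label):
    """Replace known lookalike letters with their Latin counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label.lower())

def check_hostname(hostname, protected_brands):
    """Return (raw_label, decoded_label, reason) for each suspicious label."""
    findings = []
    for raw in hostname.rstrip(".").split("."):
        label = decode_label(raw).lower()
        scripts = {script_of(ch) for ch in label} - {"COMMON"}
        skel = skeleton(label)
        if skel in protected_brands and label != skel:
            findings.append((raw, label, "lookalike of " + skel))
        elif len(scripts) > 1:
            findings.append((raw, label, "mixed scripts: " + ", ".join(sorted(scripts))))
    return findings

# Constructed samples: first letter is Cyrillic U+0440, not Latin "p".
SPOOF = "\u0440aypal.com"
SPOOF_ACE = "xn--" + "\u0440aypal".encode("punycode").decode("ascii") + ".com"

if __name__ == "__main__":
    for host in (SPOOF, SPOOF_ACE, "paypal.com"):
        print(ascii(host), check_hostname(host, {"paypal"}))
```

The same check applies to hostnames extracted from inbound mail or from newly observed domain registrations, which avoids having to pre-register every possible variant.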
Founded in 2017, Segasec has developed a cybersecurity service that protects website operators, including financial institutions, insurers, and retailers, from consumer phishing scams. In January, Segasec was acquired by Nasdaq-listed messaging and data security company Mimecast Ltd. for an estimated $40 million to $50 million. Segasec now operates as a division of Mimecast and Schulman has been appointed vice president of brand protection at the parent company.
Prior to the acquisition, Segasec raised $5 million from investors, including Innogy Innovation Hub, the accelerator and venture capital arm of Berlin-listed energy company Innogy SE.
According to Schulman, one of the biggest difficulties with phishing attacks is that most of them are so easy to create. “A 15-year-old with a smartphone can launch an attack from the bathroom,” he said. However, while easy to launch, they are difficult to intercept, he said. Billions of dollars a year are stolen through phishing attacks around the world, he added.
Schulman believes that one way private users can minimize their exposure is to never trust hyperlinks. Don’t enter passwords or private information into pages opened via hyperlinks, he suggested. It’s always better, though less convenient, to enter the URL yourself, in case someone spoofed the hyperlink, he said.
If someone you know emails or texts you asking you to send them money, even if it’s your boss, Schulman said, never be afraid to pick up the phone and make sure that it is indeed they who are asking. The potential annoyance is much less than the risk of fraud, he explained.
The 30 Minutes or Less podcast is hosted by Navot Volk and tech entrepreneur Aviv Frenkel. The two interview tech founders, investors and other key members of Israel’s tech ecosystem.