About cookies on this site
Our website uses cookies. Some cookies are necessary for the proper functioning of the website and therefore it is not possible to reject them. Apart from these cookies, we also use other cookies that you can manage. In order to manage cookies, click on ‘Manage Cookies’ and make your selection. You can also allow all cookies, as well as choose to use only the strictly necessary cookies For more information, see the Vercom S.A. Cookie Policy.
About cookies on this site
Our website uses cookies. Some cookies are necessary for the proper functioning of the website and therefore it is not possible to reject them. Apart from these cookies, we also use other cookies that you can manage. In order to manage cookies, click on ‘Manage Cookies’ and make your selection. You can also allow all cookies, as well as choose to use only the strictly necessary cookies For more information, see the Vercom S.A. Cookie Policy. Additionally you can see a list of cookies assigned to each category and detailed information in the cookie declaration.
These cookies are necessary for the proper functioning of our website. Strictly necessary cookies cannot be excluded in our systems. You can set your browser or device to block these cookies, but then some sections of our website will not work.
CookieHub is a Consent Management Platform (CMP) which allows users to control storage and processing of personal information.
Cookies
Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable.
Cookies
Google reCaptcha enables web hosts to distinguish between human and automated access to websites.
Cookies
These Cookies make it possible to provide the Services with enhanced functionality and personalisation. They can be placed by us or by external suppliers whose services we have added to our websites. If you do not allow these cookies, some or all of these services may not work properly.
These cookies allow us to collect information about how users use our Services. For example, they allow us to count page views and traffic sources so that we can measure and improve the performance of our Services. If you do not allow cookies, we will not know when users visit our websites and we will not be able to monitor the functioning of our websites.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic.
Cookies
These cookies may be placed by us or by our advertising partners. They may be used by these entities to build up a profile of your interests and to display advertising that is relevant to you. If you do not allow these cookies, you will still see advertisements, but they will not be tailored to your interests and may therefore be of less interest to you.
Google Ads is an advertising service by Google for businesses that want to display ads on Google search results and its advertising network.
Cookies
A piece of code that lets businesses measure, optimise and build audiences for advertising campaigns.
Cookies
The LinkedIn Insight tag powers conversion tracking, website audiences, and website demographics within the LinkedIn system.
Cookies
Cookies used on the site are categorized and below you can read about each category and allow or deny some or all of them. When categories than have been previously allowed are disabled, all cookies assigned to that category will be removed from your browser. Additionally you can see a list of cookies assigned to each category and detailed information in the cookie declaration.
Strictly necessary cookies
These cookies are necessary for the proper functioning of our website. Strictly necessary cookies cannot be excluded in our systems. You can set your browser or device to block these cookies, but then some sections of our website will not work.
Name | Hostname | Vendor | Expiry |
---|---|---|---|
_GRECAPTCHA | www.google.com | 180 days | |
Used by Google reCaptcha for risk analysis | |||
cookiehub | .emaillabs.io | CookieHub | 365 days |
Used by CookieHub to store information about whether visitors have given or declined the use of cookie categories used on the site. | |||
__cf_bm | .clutch.co | Cloudflare, Inc. | 1 hour |
The __cf_bm cookie supports Cloudflare Bot Management by managing incoming traffic that matches criteria associated with bots. The cookie does not collect any personal data, and any information collected is subject to one-way encryption. | |||
__session | .gitbook.com | 400 days |
Functional Cookies
These Cookies make it possible to provide the Services with enhanced functionality and personalisation. They can be placed by us or by external suppliers whose services we have added to our websites. If you do not allow these cookies, some or all of these services may not work properly.
Name | Hostname | Vendor | Expiry |
---|---|---|---|
lidc | .linkedin.com | LinkedIn Ireland Unlimited Company | 1 day |
Used by LinkedIn for routing. | |||
li_gc | .linkedin.com | LinkedIn Ireland Unlimited Company | 180 days |
Used by LinkedIn to store consent of guests regarding the use of cookies for non-essential purposes |
Analytical & Maintenance Cookies
These cookies allow us to collect information about how users use our Services. For example, they allow us to count page views and traffic sources so that we can measure and improve the performance of our Services. If you do not allow cookies, we will not know when users visit our websites and we will not be able to monitor the functioning of our websites.
Name | Hostname | Vendor | Expiry |
---|---|---|---|
_ga | .emaillabs.io | 400 days | |
Contains a unique identifier used by Google Analytics to determine that two distinct hits belong to the same user across browsing sessions. | |||
_gid | .emaillabs.io | 1 day | |
Contains a unique identifier used by Google Analytics to determine that two distinct hits belong to the same user across browsing sessions. | |||
_dc_gtm_ | .emaillabs.io | 1 hour | |
Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager | |||
bcookie | .linkedin.com | LinkedIn Ireland Unlimited Company | 365 days |
This is a Microsoft MSN 1st party cookie for sharing the content of the website via social media. | |||
_ga_ | .emaillabs.io | 400 days | |
Contains a unique identifier used by Google Analytics 4 to determine that two distinct hits belong to the same user across browsing sessions. |
Cookies related to advertising (Marketing & Advertising)
These cookies may be placed by us or by our advertising partners. They may be used by these entities to build up a profile of your interests and to display advertising that is relevant to you. If you do not allow these cookies, you will still see advertisements, but they will not be tailored to your interests and may therefore be of less interest to you.
Name | Hostname | Vendor | Expiry |
---|---|---|---|
_fbp | .emaillabs.io | Meta Platforms | 90 days |
Facebook Pixel advertising first-party cookie. Used by Facebook to track visits across websites to deliver a series of advertisement products such as real time bidding from third party advertisers. | |||
IDE | .doubleclick.net | Google Advertising Products | 390 days |
Used by Google's DoubleClick to serve targeted advertisements that are relevant to users across the web. Targeted advertisements may be displayed to users based on previous visits to a website. These cookies measure the conversion rate of ads presented to the user. | |||
_gcl_au | .emaillabs.io | Google Advertising Products | 90 days |
Used by Google AdSense to understand user interaction with the website by generating analytical data. | |||
UserMatchHistory | .linkedin.com | LinkedIn Ireland Unlimited Company | 30 days |
Contains a unique identifier used by LinkedIn to determine that two distinct hits belong to the same user across browsing sessions. | |||
AnalyticsSyncHistory | .linkedin.com | LinkedIn Ireland Unlimited Company | 30 days |
Used by LinkedIn to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries | |||
bscookie | .www.linkedin.com | LinkedIn Ireland Unlimited Company | 365 days |
Used by the social networking service, LinkedIn, for tracking the use of embedded services. |
Michał Błaszczak, Published on: 1 September 2022, Modified on: 7 January 2025
Phishing is a form of fraud that involves impersonating a trusted institution or person (e.g., a bank, courier company or public figure) to persuade a victim to take action in order to benefit the attacker, such as providing login credentials. According to the 2021 annual report, CERT Poland handled as many as 22,575 phishing-related incidents, classifying this cyber threat as one of the most popular in 2021.
When talking about phishing, we often deal with mass mailing. However, there are several types of popular phishing out there, which are worth distinguishing:
Phishing attacks have evolved significantly over the past few years. They are no longer inane messages which are very different from genuine emails, while fraudulent website looks similar to the original one. What’s more, phishing messages are more and more often being used to send malware that can lead to ransomware attacks.
Currently, attackers use various techniques to hide their true intentions while creating phishing campaigns. These include browser-in-the-browser, homography attack or using trusted web pages to embed malware. Phishing also owes its popularity mainly to a large number of automated tools which can set up entire phishing campaigns – so you don’t need to be a developer or technology expert to create such a campaign. At the same time, in the so-called darknet, it is more and more common to find “Phishing as a Service”, that is websites where, for a subscription fee, we have access to many templates of popular sites or fake payment gateways, allowing us to phish for e.g., BLIK codes. With a subscription, we also get domains on which the entire infrastructure required is automatically set up.
‘I believe in the next few years the popularity of phishing will increase even more. Looking at today’s techniques, I can say that unless we regularly educate our employees and keep our systems secure, we may reach a situation which makes us very vulnerable to all sorts of attacks.’
Michał Błaszczak, Pentester EmailLabs
What needs to be remembered, however, is that phishing is not limited to email messages only. There is also Vishing or Voice Phishing, in which scammer call us (often impersonating bank operators) to trick us into revealing personal information, and Smishing or phishing via text message.
Apart from traditional phishing, criminals are often using smishing, the above-mentioned phishing via SMS. Since it’s not a problem to impersonate a particular service provider, cyber attackers are using it as another way to spread fake websites or malware. The rules behind this attack are the same as for classic phishing. The offender tries to influence us with certain emotions and thus force us to enter a given website address. There are cases in which this cybercriminals are so confident they don’t even impersonate specific service providers and send messages from ‘normal’ phone numbers. One would think that nobody would read such a message, however, the reality is far from that.
As I mentioned earlier, phishing has evolved strongly in recent years and attackers no longer limit themselves to creating a similar email address. So in this part of the article, we’ll have a closer look at some of the tactics used in ‘today’s’ phishing:
This technique displays an allegedly new window within a visited browser website, which simulates a fake login panel. In fact, that window is actually a page element, so the visible address of the new window is a plain text controlled 100% by the attacker. As a result, users may believe they are logging from a real website, especially since nowadays signing-in via third party services, e.g. Facebook, Twitter, Github, is nothing new (for such logins, we may see a ‘pop-up’ window asking to sign-in). The easiest way to recognize such attacks is to try to ‘pull’ the new window out of the web page we are on. If we fail to do so, we can be sure a Browser in the Browser technique has been used to attack us.
It’ an attack which takes advantage to create and display URLs that include characters from non-Latin alphabet. Since different alphabets can have very similar characters, it can be used to build a nearly identical URL for a phishing attack.
Well-known link shorteners work in a rather simple and familiar way, however, it’s worth noting that there are shorteners much more sophisticated than the ones we know. That’s because some of them are able to trick websites which ‘expand’ links, letting us know if a particular shortened URL really leads to, e.g. a bank web page. Besides, such shorteners are able to redirect users to different pages based on a device which the link is opened on, so the attack can be more targeted and harder to detect.
Cybercriminals are increasingly using popular and thus, trusted websites for conducting i.a., phishing attacks. By taking advantage of such pages, attackers effectively lull victims into a false sense of security. As part of this technique, they embed malicious files in familiar sites or create fake login pages. A full list of such websites can be found at Lots Project.
Security Manager
He was supposed to be an architect in the past, but life has made him an ethical hacker. He likes to know how something is built so that it is easier for him to break it later. Daily, he performs penetration testing at Vercom so that all applications are secure and users don't have to worry about their data security. After work, he spends most of his free time developing and acquiring new skills to find vulnerabilities even more efficiently.
See more articlesEmail Authentication, Security
DMARC is an email authentication protocol that is designed to give domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. Spoofing occurs...
EmailLabs Team, 22 May 2023
With the emergence of the Covid-19 pandemic, many brands have been challenged to adapt in a short period to the changed reality and new consumer attitudes. That meant reorganizing...
Natalia Zacholska, 8 February 2023
Best practices, Compliance & Security
As we step closer to a digitally connected future, ensuring inclusivity in our marketing strategies is more important than ever. Email, a cornerstone of digital communication, must evolve to...
EmailLabs Team, 7 January 2025
Deliverability, Sending Reputation
Are you just starting to send emails, transitioning to dedicated infrastructure, or switching your sending domain? Don’t overlook a key step – the warm-up process! Warming up an IP...
Daria Kubacka, 10 December 2024
We are pleased to announce that MessageFlow, a product from the Vercom S.A. group, has received the prestigious CSA (Certified Senders Alliance) Certification. This recognition not only underscores the...
EmailLabs Team, 3 December 2024
We are proud to announce that Vercom S.A., the company behind the EmailLabs project, successfully passed an audit for compliance with the latest ISO/IEC 27001:2022 and ISO/IEC 27018:2019 standards....
Natalia Zacholska, 19 September 2024
The increasing number of phishing attacks each year, and the projection that this trend will continue to escalate, aren’t likely to astonish anyone. This can be attributed, in part,...
Michał Błaszczak, 1 September 2023
Out of all the things that can go wrong when sending out marketing emails, having your emails end up in the recipient’s spam folder is arguably the most dreaded...
EmailLabs Team, 21 July 2023
Email Authentication, Security
DMARC is an email authentication protocol that is designed to give domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. Spoofing occurs...
EmailLabs Team, 22 May 2023
With the emergence of the Covid-19 pandemic, many brands have been challenged to adapt in a short period to the changed reality and new consumer attitudes. That meant reorganizing...
Natalia Zacholska, 8 February 2023
Best practices, Compliance & Security
As we step closer to a digitally connected future, ensuring inclusivity in our marketing strategies is more important than ever. Email, a cornerstone of digital communication, must evolve to...
EmailLabs Team, 7 January 2025
Deliverability, Sending Reputation
Are you just starting to send emails, transitioning to dedicated infrastructure, or switching your sending domain? Don’t overlook a key step – the warm-up process! Warming up an IP...
Daria Kubacka, 10 December 2024
We are pleased to announce that MessageFlow, a product from the Vercom S.A. group, has received the prestigious CSA (Certified Senders Alliance) Certification. This recognition not only underscores the...
EmailLabs Team, 3 December 2024
We are proud to announce that Vercom S.A., the company behind the EmailLabs project, successfully passed an audit for compliance with the latest ISO/IEC 27001:2022 and ISO/IEC 27018:2019 standards....
Natalia Zacholska, 19 September 2024
The increasing number of phishing attacks each year, and the projection that this trend will continue to escalate, aren’t likely to astonish anyone. This can be attributed, in part,...
Michał Błaszczak, 1 September 2023
Out of all the things that can go wrong when sending out marketing emails, having your emails end up in the recipient’s spam folder is arguably the most dreaded...
EmailLabs Team, 21 July 2023
With the release of iOS 18 on September 16, 2024, Apple has introduced a long-anticipated update to Apple Mail: tabbed inboxes. While this feature isn’t a novelty – Gmail...
Natalia Zacholska, 21 November 2024
Gmail users may soon benefit from a game-changing feature called Shielded Email, designed to enhance privacy and combat spam. While the feature has not yet been officially launched, recent...
Natalia Zacholska, 18 November 2024
Are you frustrated with the constant struggle of your emails getting blocked by Gmail? Have you ever wondered about the reasons behind this issue and, more importantly, how to...
Aleksandra Duło, 11 October 2024
In the ever-evolving landscape of email management, Google has announced an exciting upgrade to Gmail’s summary cards, aimed at improving user experience and streamlining inbox navigation. The latest enhancements,...
Natalia Zacholska, 4 October 2024
Entering the world of email communication, you’ll encounter many terms that initially seem straightforward and intuitive. However, some of these can be pretty challenging. Accurately distinguishing between them is...
Daria Kubacka, 26 September 2024
Best practices, Compliance & Security
As we step closer to a digitally connected future, ensuring inclusivity in our marketing strategies is more important than ever. Email, a cornerstone of digital communication, must evolve to...
EmailLabs Team, 7 January 2025
Deliverability, Sending Reputation
Are you just starting to send emails, transitioning to dedicated infrastructure, or switching your sending domain? Don’t overlook a key step – the warm-up process! Warming up an IP...
Daria Kubacka, 10 December 2024
We are pleased to announce that MessageFlow, a product from the Vercom S.A. group, has received the prestigious CSA (Certified Senders Alliance) Certification. This recognition not only underscores the...
EmailLabs Team, 3 December 2024
Best practices, Email Marketing
Email marketing is a powerful tool for businesses to connect with their audience, promote products, and drive conversions. However, simply sending out an email campaign is not enough to...
Aleksandra Duło, 27 November 2024
With the release of iOS 18 on September 16, 2024, Apple has introduced a long-anticipated update to Apple Mail: tabbed inboxes. While this feature isn’t a novelty – Gmail...
Natalia Zacholska, 21 November 2024
Gmail users may soon benefit from a game-changing feature called Shielded Email, designed to enhance privacy and combat spam. While the feature has not yet been officially launched, recent...
Natalia Zacholska, 18 November 2024
Are you frustrated with the constant struggle of your emails getting blocked by Gmail? Have you ever wondered about the reasons behind this issue and, more importantly, how to...
Aleksandra Duło, 11 October 2024
In the ever-evolving landscape of email management, Google has announced an exciting upgrade to Gmail’s summary cards, aimed at improving user experience and streamlining inbox navigation. The latest enhancements,...
Natalia Zacholska, 4 October 2024
Entering the world of email communication, you’ll encounter many terms that initially seem straightforward and intuitive. However, some of these can be pretty challenging. Accurately distinguishing between them is...
Daria Kubacka, 26 September 2024
Best practices, Compliance & Security
As we step closer to a digitally connected future, ensuring inclusivity in our marketing strategies is more important than ever. Email, a cornerstone of digital communication, must evolve to...
EmailLabs Team, 7 January 2025
Deliverability, Sending Reputation
Are you just starting to send emails, transitioning to dedicated infrastructure, or switching your sending domain? Don’t overlook a key step – the warm-up process! Warming up an IP...
Daria Kubacka, 10 December 2024
We are pleased to announce that MessageFlow, a product from the Vercom S.A. group, has received the prestigious CSA (Certified Senders Alliance) Certification. This recognition not only underscores the...
EmailLabs Team, 3 December 2024
Best practices, Email Marketing
Email marketing is a powerful tool for businesses to connect with their audience, promote products, and drive conversions. However, simply sending out an email campaign is not enough to...
Aleksandra Duło, 27 November 2024
With the release of iOS 18 on September 16, 2024, Apple has introduced a long-anticipated update to Apple Mail: tabbed inboxes. While this feature isn’t a novelty – Gmail...
Natalia Zacholska, 21 November 2024