What is phishing?
Phishing is a cybercrime that uses electronic communication to take advantage of users. Attackers attempt to gain sensitive or confidential information, such as usernames and passwords, credit card information, and more by posing as legitimate organizations or individuals. They use social engineering to manipulate victims into clicking on malicious links and entering this information. Below are eight ways to identify a phishing email.
Types of Phishing
These attacks will not look random, like a general phishing attempt. Attackers will gather information about the victim to make the email feel more authentic.
Attackers will make almost identical copies of previously delivered email messages and change an attachment or link to something malicious.
These attacks specifically target high-profile and/or senior executives at organizations. They will often present themselves as legal communication or other high-level executive business.
Methods of Phishing
Requests for Sensitive Information.
A legitimate organization will never ask you to enter any information that is sensitive by following a link. You will usually be asked to go to the official website or app to enter your credentials and any other information that is required.
Most hackers will greet you with a “Dear valued customer” or “Dear account holder”. Sometimes, ads will not even include a greeting. These are clear signs that this might be a phishing attempt. Genuine organizations will use your full name.
Check the Domain.
Don’t just check the name of the sender. Check the email address attached by hovering over the ‘from’ address. If you see any changes from what you were expecting, like numbers or letters added, this might be a phishing attempt.
Legitimate organizations will send emails that are well written, with no spelling errors or bad syntax. Hackers believe their prey are less observant and easier targets, so their emails tend to contain spelling errors and grammatical mistakes.
Forcing You onto a Site.
If in doubt, don’t open the email. A lot of the time, emails can be coded entirely as a hyperlink so any accidental click anywhere in the email can lead you to a malicious site or start a spam download on your computer.
Authentic organizations will seldom send you attachments. They will usually direct you to their website to download what you need from there. It’s not foolproof because there are times when they will send you information that you need to download, but this isn’t very common.
Always hover over any links in the email because it may not be all it appears to be. When you hover over the link, it will show you the actual URL it will direct you to.
Sense of Urgency.
One of a hacker’s favorite methods to hook a victim is asking them to act fast, either by offering a one-time deal for a limited time or stating that your account has been compromised. It is usually best to ignore these communications.
Why is email such an easy target? Because while most people know how to send and receive emails, far fewer understand how emails are actually sent or received. This lack of understanding also makes gaining access to emails so simple that hackers just can’t resist.
The simplicity inherent to modern email interfaces lulls users into a false sense of security. “Of course the email is secure, how could it not be?” We can check it anywhere and send communication from anywhere at any time with the click of a button. However, a potent combination of human error and malicious agents can make emails one of the most dangerous threats to an organization’s security. Email-based threats account for 25% of all data breaches within the US and cause major losses numbering in the billions of dollars annually.
As with all cyber security, email security starts with employee training, helping employees understand how to identify and question suspicious-looking emails. Alongside this training, organizations need to make sure that they have the right tools to fight against this data theft: anti-virus filters, email filtering, email encryption and more.
Need more info? The Federal Trade Commission can help you identify and avoid phishing scams. Also make sure your employees follow the Braxton-Grant Technologies guide on the fundamentals.