Phishing is one of the most successful ways hackers get confidential information. Can you recognize a phishing email when it lands in your mailbox?
Phishing has evolved since it was devised as a way to fool people via email. Cybercriminals are smart. They don’t rely on the same scheme for too long before altering it to take their target by surprise or circumvent a new security measure. Is your IT network protected from the evolved cybercrime?
The Evolution of Phishing — Are You Keeping Up?
Phishing and other types of cybercrime never stop evolving. Just this year (2019), a new variation of phishing was discovered, in which cybercriminals embed malware in emails and disguise it as a voicemail recording. This is just the latest invention in a long line of ever-changing and consistently effective cybercrime weapons.
How Does This Keep Happening?
Very few businesses are learning how these breaches occur, and what to do to prevent it from happening to them. Cybercriminals can keep relying on the same old tactics to penetrate a business’s computer systems because they’re still working. That’s why each time a breach like this occurs, it’s vitally important that you find out how it happened, and then determine whether a similar vulnerability exists in your organization.
What is Phishing?
Phishing is a method in which cybercriminals send fraudulent emails that appear to be from reputable sources to get recipients to reveal sensitive information, and/or execute significant financial transfers. Phishing attacks are mass emails that request confidential information or credentials under false pretenses, link to malicious websites, or include malware as an attachment. With only a small amount of information, cybercriminals can convincingly pose as business members and superiors to persuade employees to give them money, data or crucial information.
Why is Phishing Dangerous?
The average phishing attack costs a business $1.6 million. Unfortunately, one effect of the rising tide of cybercrime incidents is that you get desensitized to it all. A case in point — the Alive Hospice in Nashville has reported that an employee’s email account was accessed by an unauthorized party in May 2019. When the suspicious activity was noted, they launched an investigation and discovered that the hackers had access to the account for two days.
The fact is that businesses aren’t learning to protect themselves from this malicious activity, which is why the number of reported phishing attacks has risen by 65% in the past few years.
How Has Phishing Evolved?
“Vishing” is one of the newest variants of phishing being tracked by cybersecurity professionals. Instead of attaching malware to an email and disguising it as a PDF to entice users, cybercriminals are disguising it as an audio file and making the email appear to be from an automated voicemail service. Legitimate voicemail services are becoming more common in the current business climate. When a user receives a voicemail, they also get an accompanying email with a recording of the message to review without needing to access their voicemail box. Regardless of how vishing works, it’s based on the same principle as other types of phishing. It assumes the user will believe that the email is legitimate and download the attachment. That’s why all of your employees need to learn how to identify a phishing email before making a critical error.
How Can I Identify a Phishing Email?
Knowing these tips will help your staff spot a phishing attempt.
Sender Domain
Before looking at the body of a message, check out the domain in the sender’s email address. It might say that they’re from your bank, but the domain name doesn’t. It’s more difficult to spoof an actual domain name, so if it’s not 100% correct or seems fishy in any way, it probably is.
Hover Over Links
Always use your mouse to hover over a link to determine if it’s legitimate before clicking. Hovering will allow you to see where the link actually leads. It may look harmless, but when you see the actual URL, you’ll know for sure.
Spelling and Grammar
Cybersecurity awareness comes down to paying attention to the details. If an email is suspicious, look for any typos or glaring spelling errors. Legitimate messages from your bank or vendors are properly edited; phishing emails are notorious for basic spelling or grammatical mistakes.
Vague Greeting
How vague is the email? Legitimate senders already have your information such as your first name, and will use it in the greeting. Scammers often employ vague terminology such as “valued customer.” This allows them to use the same email for multiple targets in a mass attack.
Urgent and Threatening
If the subject line sounds like an emergency — “Your account has been suspended,” or “You’re being hacked” — that’s another red flag. It’s in the interest of the scammer to make you panic and move quickly, leading you to miss other indications that it’s a phishing email.
Attachments
Phishers will often attempt to get you to open an attachment, so if you see an attachment in combination with any other indications, it’s only more proof that the email is likely part of a phishing attempt.
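The checks above (sender domain, where a link really points, generic greeting, urgent subject, attachments named like a voicemail) can be applied mechanically to a raw message before a person ever reads it. The script below is an added example written for this article, not code from the original post; the message it parses is constructed, and the domains, addresses and keyword lists are assumed placeholders you would replace with your own.

```python
import re
from email import message_from_bytes, policy
from urllib.parse import urlparse
# Constructed sample, not a real phish: it shows every red flag the article lists.
# All domains and addresses are placeholders (.test / documentation IP range).
SAMPLE = b"""From: "Example Bank Security" <alerts@example-bank-login.test>
Subject: URGENT: Your account has been suspended
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Dear valued customer,</p>
<p>Verify now: <a href="http://203.0.113.5/verify">https://www.example-bank.test/login</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="voicemail.wav"

MZ...
--b1--
"""
URGENT = ("suspended", "urgent", "hacked", "immediately")
GENERIC = ("valued customer", "dear customer", "dear user")
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def phishing_flags(raw, expected_domain):
    """Return the article's red flags found in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    flags = []
    m = re.search(r"@([\w.-]+)", str(msg.get("From", "")))
    sender_domain = m.group(1).lower() if m else ""
    if sender_domain != expected_domain:  # tip: the claimed sender's real domain
        flags.append(f"sender domain {sender_domain!r} is not {expected_domain!r}")
    if any(w in str(msg.get("Subject", "")).lower() for w in URGENT):
        flags.append("urgent or threatening subject line")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if any(g in text.lower() for g in GENERIC):  # tip: vague greeting
        flags.append("generic greeting instead of your name")
    for href, label in ANCHOR.findall(text):  # tip: what "hovering" would reveal
        shown = re.sub(r"<[^>]+>", "", label).strip()
        real = urlparse(href).hostname or ""
        seen = urlparse(shown if "://" in shown else "//" + shown).hostname or ""
        if seen and seen != real:
            flags.append(f"link text shows {seen!r} but points to {real!r}")
    for part in msg.iter_attachments():  # tip: attachments, incl. fake voicemail
        name, ctype = (part.get_filename() or "").lower(), part.get_content_type()
        looks_audio = name.endswith((".wav", ".mp3")) and not ctype.startswith("audio/")
        flags.append(f"attachment {name!r} as {ctype}" + (" (named like audio)" if looks_audio else ""))
    return flags
```

Run `phishing_flags(SAMPLE, "example-bank.test")` to see all five flags raised on the sample; a plain statement notice from the real domain produces none.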
In the end, there isn’t any perfect technological solution that will save you from phishing. It comes down to the users, and how capable you are at spotting a scam email when it arrives in your inbox.