What is Email Phishing and How to Prevent It
November 21, 2017
What is a Phishing Attack?
A phishing attack is a fraudulent attempt to trick an email recipient into sharing sensitive information like login credentials, account information, or personal data. The sender poses as a reputable business or known person in order to get the recipient to click on a link and open an attachment. Phishing attacks are becoming more sophisticated every day.
"97% of people around the world cannot identify a sophisticated phishing email."
What is Spear Phishing?
An attacker attempts to gain access to confidential data by posing as a trusted source, often one within the same company.
What is Whale Phishing?
Attackers can impersonate a high-level executive, tricking another employee into sending money to an account that turns out to be a sham or into distributing sensitive corporate or personal data.
How to Stop a Phishing Email Threat:
The best defense companies have against phishing attacks is to block malicious emails before they reach customers with the DMARC (Domain-based Message Authentication, Reporting and Conformance) standard. Use an email security service like Barracuda or Mimecast, which scans email in real time to identify suspicious messages. This software prevents phishing attacks by identifying social engineering tactics that try to trick employees into divulging confidential data or wiring funds to a fraudulent account. Certain signs that flag attacks are:
- Domain of the email address
- Content of the message
- Typosquatting protection
- Scanning all URLs within incoming and archived emails
- Only opening websites that are determined to be safe
The software is not 100% effective, though. There are always ways to get around security protocols. It is important for companies to do their part as well. Emails that are not caught are extremely sophisticated and effective. 97% of people around the world cannot identify a sophisticated phishing email. That’s where customer/employee education comes in.
- Don’t trust the display name – when receiving an email, a display name will usually show. The actual email address may not show. Check the header to see the email address that you are receiving it from.
- Look but don’t click – Look at the actual URL that links are pointing to. You can do this by hovering your mouse over the link. The URL will show on the bottom of the browser. To test the link, open a new browser window and type in the website address directly rather than clicking on the link.
- Check for spelling mistakes – Grammatical and spelling errors are a strong indicator that the email is not authentic.
- Analyze the salutation – What is the greeting? Is it geared towards a broad customer base or “valued customer”? A legitimate email will often contain a personal greeting using your first and last name.
- Don’t give up personal information – Banks and other professional companies will never, ever ask for personal information over email. If you ever see a message asking for information, understand that the email is most likely fraudulent.
- Beware of urgent or threatening language in the subject line – Urgency can push people to worry and give up information more easily and quickly than ever. This includes account suspension, an unauthorized login attempt, or even having a computer virus.
- Review the signature – Lack of details about the signer is an indicator of Phishing. Companies will not only have a name but also an address, contact phone number, email, web address, etc.
- Don’t click on attachments – Attachments can contain malware which can damage computer files, steal passwords and spy on your every move. Do not click on any attachments that you are not expecting.
- Don’t trust the header from email address – Don’t trust the email address in the header. Studies show that 30% of more than 760,000 email threats spoofed information in the header, with two thirds spoofing the email domain alone.
- Don’t believe everything you see – Phishers are extremely good. Treat any email that you aren’t expecting with caution. Just because the email has professional images, a company logo, or a valid email, it does not mean that the email is legitimate.
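Several of the checks above (display name versus real sender address, link text versus the URL it points to, and the DMARC result) can be automated by a mail filter. The following Python sketch is an added example, not code from this article or from any product it names; the sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not a real message; every domain is a placeholder.
SAMPLE = '''From: "support@examplebank.test" <alerts@examp1ebank-login.test>
Authentication-Results: mx.corp.test; dmarc=fail header.from=examp1ebank-login.test
Content-Type: text/html; charset="utf-8"

<a href="http://examp1ebank-login.test/verify">https://www.examplebank.test/verify</a>
<a href="https://www.examplebank.test/help">help page</a>
'''
URLISH = re.compile(r"^(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:[/?#]\S*)?$")

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for each <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self.in_link = False

def norm(hostname):
    return (hostname or "").lower().removeprefix("www.")

def phishing_signals(raw):
    msg, findings = message_from_string(raw, policy=policy.default), []
    sender = msg["From"].addresses[0] if msg["From"] and msg["From"].addresses else None
    shown = re.search(r"@([\w.-]+)", sender.display_name) if sender else None
    if shown and norm(shown.group(1)) != norm(sender.domain):
        findings.append(f"display name shows {shown.group(1)}, sender is {sender.domain}")
    # Assumption: only an Authentication-Results header added by your own gateway is trusted.
    if re.search(r"\bdmarc=fail\b", str(msg.get("Authentication-Results", "")), re.I):
        findings.append("DMARC check failed")
    body, collector = msg.get_body(preferencelist=("html",)), LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        shown_host = URLISH.match(text.strip())
        if shown_host and norm(shown_host.group(1)) != norm(urlsplit(href).hostname):
            findings.append(f"link text shows {shown_host.group(1)}, href is {href}")
    return findings
```

Calling phishing_signals(SAMPLE) returns three findings for the sample message. The second link, whose visible text is not a URL, is not flagged.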
Holiday Phishing Scams
Phishing attacks are at an all-time high during the holiday season. Attackers impersonate big brands and popular stores to lure victims into forfeiting their personal information. This is done either by "unlocking" an Amazon gift card or by tricking you into logging into what you think is the real website.
Here are three popular methods attackers are using to trick shoppers into sending personal information:
- Hijacking e-commerce brands like Amazon with gift card scam emails.
- Impersonating brick and mortar stores including Walmart and Kohls.
- Hijacking brands of well-known consumer products such as Ray-Ban and Michael Kors.
Here are some great examples of what look to be legit emails from popular brands.
Contact Brave River today to learn more about how we can help your company and clients stay safe from email phishing scams as well as other computer and networking security threats.