08.14.2019

Phishing Awareness – Brush Creek Partners tips & tricks

By Emily Short

Phishing is Alive

Phishing is the top social attack on businesses, responsible for more than 90% of security breaches, according to recent reports.  Because no cybersecurity solution can guarantee that your systems or network will not be hacked, it’s important to understand what to look for so you can protect your business from phishing attacks.  A single click has the potential to compromise your entire network, so everyone must work together to protect your critical infrastructure.  If you believe you received a phishing e-mail (even if you did not click on the link), let your team know: knowing that you are being targeted is valuable information in itself.

8 Phishing Phacts

  1. Phishing Explained

Phishing is a type of fraud in which a hacker attempts to gather personal information or credentials by impersonating a legitimate brand and sending users to a malicious website.

  2. E-mail Addresses Can Be Spoofed

Never trust an e-mail based simply on the purported sender.  Cybercriminals have many methods to disguise e-mails.  The most common types of spoofing are display name spoofing and cousin domains.  With display name spoofing, the cybercriminal uses a legitimate company name as the e-mail sender’s display name, but the actual address underneath belongs to an unrelated account.  This is most effective when a user views the e-mail on a mobile device, because most mobile mail clients show only the display name and hide the sender’s address.  A cousin domain looks nearly identical to a legitimate domain but has been slightly altered, for example by swapping, adding, or dropping a character.

  3. Subject Lines and E-mails Often Include Enticing or Threatening Language

Cybercriminals may promise free items or threaten that a credit card will be suspended without immediate action, evoking a sense of panic or urgency.  E-mails that have an aggressive tone or claim that immediate action is necessary should be treated as a potential scam.

  4. Attacks Are Becoming More Targeted – and Personal

Today’s cybercriminals include the victim’s name in the subject line and pre-fill the victim’s e-mail address on the phishing webpage.  Do not assume an e-mail is legitimate simply because it uses your name.

  5. Phishing E-mails Are Getting Better and Better

We need to read e-mails carefully, not just skim them.  Many phishing attacks are launched from other countries, and although this can result in glaring grammar and stylistic issues, cybercriminals have become more sophisticated.  They have the resources to compose clean e-mails in their target language, and they make fewer mistakes.  Make sure to read e-mails carefully for both glaring and subtle grammatical issues that might indicate the sender is not reputable.

  6. Links Aren’t Always What They Seem

Every phishing e-mail includes a link, but phishing links are deceptive.  While the link text may say “Go to Office 365 account,” the URL takes the user to a phishing page designed to look like Microsoft’s sign-in page.  Make sure to hover over all links before clicking them to see the pop-up that displays the link’s real destination (on a mobile device, a long-press on the link usually shows the same information).

  7. Phishing Links Can Be Sent via Attachment

Phishing links are not always in the e-mail body.  To avoid detection by e-mail security filters, hackers will place the phishing link in an attachment, such as a PDF or Word document.  The e-mail itself will appear to be from a legitimate business, vendor, or colleague, asking you to open the attachment and click on the link, or to review or update information.

  8. Hackers Use Real Brand Images and Logos in Phishing E-mails

Brand logos and trademarks are no guarantee that an e-mail is real.  These images are public and can be downloaded from the internet or easily replicated.
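The two indicators that facts 2 and 6 describe, a sender whose display name or domain imitates a trusted brand and a link whose text does not match its real destination, can be checked automatically before a user ever has to hover.  The following is an added example written for this page, not code from Brush Creek Partners or Vade Secure; the trusted domains, brand words and sample messages are constructed for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allow-list for the example: domains this organisation trusts and the
# brand names a phisher would imitate in a display name or in link text.
TRUSTED_DOMAINS = {"brushcreekpartners.com", "microsoft.com"}
BRAND_WORDS = {"brush creek", "microsoft", "office 365"}

def is_trusted(host: str) -> bool:
    """Exact trusted domain or a subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DOMAINS)

def levenshtein(a: str, b: str) -> int:
    """Edit distance; a cousin domain is usually one or two edits from the real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str) -> str:
    """Label a From: header: trusted, cousin-domain, display-name-spoof or unknown."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if is_trusted(domain):
        return "trusted"
    # Cousin domain: a near-miss spelling, or the real name buried in a longer domain.
    for t in TRUSTED_DOMAINS:
        if levenshtein(domain, t) <= 2 or t.split(".")[0] in domain:
            return "cousin-domain"
    # Display-name spoof: brand in the name (all a mobile client shows), unrelated address.
    if any(w in display.lower() for w in BRAND_WORDS):
        return "display-name-spoof"
    return "unknown"

ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def mismatched_links(html: str) -> list:
    """(link text, real host) for links whose text names a trusted brand but whose href goes elsewhere."""
    hits = []
    for href, text in ANCHOR.findall(html):
        host = (urlparse(href).hostname or "").lower()   # what hovering would reveal
        text_l = text.lower()
        names_brand = any(w in text_l for w in BRAND_WORDS | TRUSTED_DOMAINS)
        if names_brand and not is_trusted(host):
            hits.append((text.strip(), host))
    return hits
```

A real mail gateway would also verify SPF/DKIM alignment and inspect links inside attachments (fact 7); this block only covers the header and link-text checks the article walks through.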

Source: https://www.vadesecure.com/en/phishing-awareness-training-8-things-employees-understand/