Did you know 14.5 billion spam emails are sent every day? Hidden among them are scam emails: emails that try to get users to click on links or hand over personal information, which criminals can then use to get past the security of your PC and obtain passwords, usernames and logins. These types of scam emails are known as phishing emails.
What is a phishing email?
A phishing email is an email attempting to masquerade as an individual (this may be someone known to you) or an organisation. These emails may ask for help (i.e. a friend or loved one stuck in a foreign country with no way to get home) or may offer freebies and refunds. Phishing emails usually contain a click-through link or require you to confirm personal information to access your account.
In a test conducted by KnowBe4, test phishing emails were sent to 6 million email users.
They found that emails which created a knee-jerk reaction in the user were the most effective; these include the offering or loss of money, free food and drink, missed delivery attempts from a courier, and contact requests appealing to our basic curiosity.
Social media themed phishing attacks also proved popular, with LinkedIn notifications the most convincing: requests to add people, join networks, reset passwords and read new messages convinced 53 percent of test subjects to click through on dubious links.
We are all potentially vulnerable to phishing attacks, and as they become more refined and harder to tell from genuine emails, it is important you never click on a link in an email without considering a few tips first.
Types of Phishing Emails
A very common form of phishing: these emails imitate a legitimate company, using its logos, footers, email signatures and general email format in an attempt to obtain personal information such as login credentials or bank account details.
An example of this may be an email from PayPal. These emails are often titled ‘Suspended Account’ or something similar, designed to cause worry and an instant reaction. In the body of the email they will ask you to click a link, whether to restore your account or to ‘act now’. All phishing emails will be very similar, so always pay close attention to:
- wording, grammar and spelling in emails
- the email address the email has been sent from; it may look genuine but have letters added, changed or removed
- the details of the URL it is trying to send you to: hover over the link provided in the email and this will show the actual URL it is sending you to.
Never risk clicking on the links; instead contact the business or organisation yourself by going directly to their website, using the email addresses provided on the website or by calling them.
Spear phishing emails are tailored to the individual they are targeting. They use personal details, such as your name and location, and any other personal details available on platforms such as social media, to make the recipient believe it is a genuine email.
They have the same objective as general phishing but are often harder to detect.
Always look at the style and form of the email: is it different from emails previously received from this source? Is the email asking you to do something different?
If you have any doubts, never click on any links.
“Hi, I’m out of the office but need to arrange payment immediately to ABC company for £3,500. Please make a bank transfer this afternoon, I can sign the necessary documents when I get back in …..”
This is a targeted form of phishing. It relies on the personal information and contact details of the owner or a manager of the business, which the fraudsters then use to contact colleagues/staff and ask them to do something, i.e. make a bank transfer to another individual or company.
These emails are written in a way that creates urgency; this stops the colleague questioning the original email before making the transaction as asked, when a quick phone call could have clarified that it was actually a hoax.
If your manager, boss or colleague has not previously sent emails asking for transactions to be made, always double check by phone or in person.
Also look closely at the email address used to send the original email: the slightest change, i.e. exchanging an o for a 0 or adding one extra letter to an email address, is hard to detect and can make the email look genuine.
It’s better to delay a transaction rather than send money to cyber fraudsters.
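The two checks recommended above, a sender address that is one letter off or has an o swapped for a 0, and a link whose visible text names one site while the real URL goes elsewhere, can be automated for a mailbox or a mail gateway. The following is an added example, not part of the original article; the trusted-domain list, the sample message and the `.example` hosts are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed list of domains this organisation trusts (an assumption for the example).
TRUSTED_DOMAINS = {"paypal.com", "example-bank.co.uk"}

# Digits that fraudsters commonly swap in for look-alike letters (o -> 0, l -> 1, ...).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def edit_distance(a, b):
    """Levenshtein distance: one letter added, removed or changed scores 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Domain after the '@' in a From: header such as 'Name <user@host>'."""
    match = re.search(r"@([\w.-]+)", from_header)
    return match.group(1).lower() if match else ""

def lookalike_of(domain):
    """Trusted domain that 'domain' imitates (digit swap, one letter off), else None."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if domain.translate(HOMOGLYPHS) == trusted or edit_distance(domain, trusted) <= 1:
            return trusted
    return None

def mismatched_links(html):
    """(visible text, href) pairs where the text names one host but the href goes elsewhere."""
    bad = []
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        text = re.sub(r"<[^>]+>", "", text).strip()
        if not re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I):
            continue  # text such as 'click here' names no host, so there is nothing to compare
        shown = urlparse(text if "://" in text else "http://" + text).hostname
        if shown != urlparse(href).hostname:
            bad.append((text, href))
    return bad

# Constructed sample, modelled on the 'Suspended Account' email described in the article.
SAMPLE_FROM = "PayPal Service <service@paypa1.com>"
SAMPLE_HTML = ('<p>Your account has been suspended.</p>'
               '<a href="http://paypa1-secure.example/restore">www.paypal.com/restore</a>')
```

These checks only catch look-alike addresses; a From: header can also be forged outright, so they complement rather than replace sender authentication at the mail gateway.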
Pharming involves tampering with name resolution, typically through domain name system (DNS) cache poisoning.
Malicious code or a Trojan is installed on a computer or server, changing the computer’s hosts file to direct traffic away from the original URL and on to a fraudulent website, with the potential to install more viruses/Trojans or collect personal information. If it affects the DNS server, it can cause multiple users to visit the fake website without their being aware.
Anti-virus software can help prevent this, however it is not 100% fail-safe against such cybercrime, as it is harder to detect and the websites users are directed to can look legitimate and genuine.
By using firewalls, you can protect and secure your IT network. For further information get in touch with us today.
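Because a pharming Trojan on the machine itself works by adding entries to the hosts file, that file is worth auditing on a schedule. The following is an added example, not part of the original article: it flags hosts entries that send a watched domain to anything other than a local address; the watched-domain list and the sample hosts file are constructed for illustration.

```python
import ipaddress

# Constructed list of domains users sign in to; a hosts entry for any of these is suspicious.
WATCHED_DOMAINS = {"paypal.com", "example-bank.co.uk", "mail.example.com"}

def is_benign_address(ip):
    """A legitimate hosts file maps names to loopback, link-local or unspecified addresses."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_link_local or addr.is_unspecified

def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, ignoring comments and blank lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()

def suspicious_entries(hosts_text):
    """Entries that redirect a watched domain (or a subdomain of it) to a non-local address."""
    hits = []
    for ip, name in parse_hosts(hosts_text):
        try:
            benign = is_benign_address(ip)
        except ValueError:
            hits.append((ip, name))  # not even a valid address: worth a look
            continue
        if benign:
            continue
        if any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS):
            hits.append((ip, name))
    return hits

# Constructed hosts file: the first three lines are normal, the last two are the kind of
# entries a pharming Trojan adds to send bank and webmail traffic to a host it controls.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
10.0.0.5    intranet.corp.example  # internal server, not a watched domain
203.0.113.7 www.paypal.com paypal.com
203.0.113.7 mail.example.com
"""
```

The file lives at /etc/hosts on Linux and macOS and at C:\Windows\System32\drivers\etc\hosts on Windows; poisoning at the DNS server, the other case described above, leaves no trace here and is better detected by comparing answers from a second, independent resolver.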
Dropbox/Google Docs Phishing
Online file-sharing scams are among the easiest to fall for.
You receive an email supposedly from Dropbox or Google Docs saying someone (this could be someone you know) has shared a file with you. To see that file you need to click on a link; you click on it and it takes you to a website. When you arrive on the page it all looks genuine, and to see the document you need to log in. You enter your username and password, press enter and end up on a very different website, unaffiliated with Dropbox or any other file-sharing platform.
The cybercriminals now have your login details for whichever email platform you used to try to log in to the fake Dropbox (Google Docs etc.) website. They can now log in to your email account, hijack it and use it to distribute the same scam to all of the contacts in your online email address book.
When using any file-sharing platform/website it is recommended, wherever possible, to use two-factor authentication. This will require a six-digit code whenever a user logs in to the platform or a new user is added.
If you are sharing files online, log in directly to your file-sharing website rather than clicking on any links in emails. When logged in you should be able to see any files being shared with you and who they are from.
What can be done
Putting the right technology in place, such as firewalls and antivirus software, along with providing security awareness training for all staff, minimises the risk of phishing attacks.
Your business and your employees need to be aware of these risks and avoid them wherever possible.
Speak to Myriad Digital today to discuss how we can help keep your business safe from cybercrime.