What You Need to Know About Email Phishing
by Nick Volpe
Email phishing attacks are on the rise. How can you protect yourself?
What is Email Phishing?
Fundamentally, email phishing is a method used by bad guys to trick and bait email users into sharing confidential information or downloading malware to their computer. Usually, the email looks like it is from a legitimate or trusted sender. This is done in order to gain your trust or to trick you into action.
In the earlier days, the most common phishing attempts were Microsoft emails or emails from package tracking companies informing you of an upcoming delivery. More recently, however, scammers are using more sophisticated methods to trick you into trusting the emails.
Spear phishing is a targeted type of email phishing. Generic phishing scams, by contrast, send out thousands or millions of unsolicited emails to anyone and everyone.
Yet, with spear phishing, the scammers will use more sophisticated methods.
When sent, these are intended to get specific information from a specific group.
For example, a scammer may have gotten your email address from a compromised banking database. Then, they can use that information to send an email and spear phish your banking log-in information.
Realistically, this is one of the fastest-growing and most dangerous threats.
CEO fraud is a type of spear phishing where a scammer will spoof the email of a business leader or someone of authority in your company.
They request that someone else in the company, usually in accounting, wire money to a fraudulent bank account under the guise of a legitimate business transaction.
Not so much a type of phishing, ransomware is often the goal of a phishing scam. Often, a scammer will send an email with an attachment or link to an infected file.
That file will download, usually in the background, a ransomware variant with the intent of encrypting data. This is very dangerous!
A common example is a fake resume sent to an HR department. The HR rep downloads the Word document or fake zip file, which then runs a macro that infects the computer or network with ransomware.
What does it look like?
Here are some common phishing email examples:
What can I do?
- Check out this quiz from our partner to get some good practice with spotting common email phishing techniques.
- Make sure you change your email account password regularly. Choose a very secure password using the following guidelines:
  - 12+ characters in length
  - a combination of uppercase and lowercase letters
  - multiple numbers
  - multiple symbols
  - no dictionary words or guessable words or numbers, like your birthday or dog's name
- Do not click on links in emails. Any reputable company will allow you to call them to confirm. Or, type in their website address manually instead of clicking a suspect link in an email.
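The password guidelines listed above can be checked automatically. The following is an added example, not code from the original article: the function name `check_password`, the small sample word list, and the character-substitution table are assumptions made for illustration. It also shows why the "no dictionary words" rule matters, since a password can meet every length and character rule and still be built on a guessable word.

```python
import re

# Constructed sample word list; a real check would load a full dictionary
# or breached-password list (assumption, not from the article).
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "summer"}

# Common character substitutions undone before the word check (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def check_password(password, personal=(), words=SAMPLE_WORDS):
    """Return a list of guideline violations; an empty list means it passes."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs both uppercase and lowercase letters")
    if len(re.findall(r"\d", password)) < 2:
        problems.append("needs multiple numbers")
    if len(re.findall(r"[^A-Za-z0-9\s]", password)) < 2:
        problems.append("needs multiple symbols")

    # Look for dictionary words and personal details (birthday, pet name)
    # in the password as typed and with substitutions such as @ -> a undone.
    lowered = password.lower()
    forms = (lowered, lowered.translate(LEET))
    guessable = {w.lower() for w in words} | {p.lower() for p in personal if p}
    for token in sorted(guessable):
        if len(token) >= 3 and any(token in form for form in forms):
            problems.append(f"contains guessable word or number: {token}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("P@ssw0rd2024!!", "vK7#mQz!9Lr2&tXw"):
        print(candidate, "->", check_password(candidate) or "OK")
```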
Connect with our team to learn more!