What You Need to Know About Email Phishing
by Nick Volpe
Email phishing attacks are sharply on the rise. We want to give you more information so you can protect yourself and your business.
What is it?
Email phishing is a method used by bad guys to trick and bait email users into sharing confidential information or downloading malware onto their computer. Usually the email looks like it comes from a legitimate or trusted sender in order to gain your trust and trick you into taking action. In the early days, the most common phishing attempts were fake Microsoft emails and emails from package tracking companies informing you of an upcoming delivery. More recently, however, attackers are using more sophisticated methods to trick you into trusting the emails.
Spear phishing
Spear phishing is a targeted attack. Generic phishing scams send out thousands or millions of unsolicited emails to anyone and everyone. With spear phishing, the scammers use more sophisticated methods to get specific information from a specific group. For example, a scammer may have gotten your email address from a compromised banking database. They can then use that information to send an email and spear phish your banking log-in information.
CEO fraud
This is one of the fastest growing and most dangerous threats. CEO fraud is a type of spear phishing where a scammer spoofs the email of a business leader or someone of authority in your company. They request that someone else in the company, usually in accounting, wire money to a fraudulent bank account under the guise of a legitimate business transaction.
Ransomware
Not so much a type of phishing, ransomware is often the goal of a phishing scam. A scammer sends an email with an attachment or a link to an infected file. That file downloads, usually in the background, a ransomware variant with the intent of encrypting data. A common example is a fake resume sent to an HR department. The HR rep opens the Word document or fake zip file, which then runs a macro infecting the computer or network with ransomware.
What does it look like?
Here are some common phishing email examples:
What can I do?
- Check out this quiz from our partner to get some good practice with spotting common email phishing techniques.
- Make sure you change your email account password regularly, using a very secure password that follows these guidelines:
  - 12+ characters in length
  - a combination of uppercase and lowercase letters
  - multiple numbers
  - multiple symbols
  - no dictionary words or guessable words or numbers, such as your birthday or your dog's name
- Do not click on links in emails. Any reputable company will allow you to call them to confirm or type in their website address manually versus clicking a suspect link in an email.
- Do not reply to or compose emails with any confidential information.
- If an email looks legitimate but asks for something sensitive such as credit card information, social security information, or money wiring instructions, contact the person via other means. Email spoofing is a common tactic used to trick users into thinking the information is being sent in a safe and secure manner.
- Make sure your business or organization has an ongoing security awareness program for employees so that they are always on the lookout for the newest threats.
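The password guidelines in the list above, turned into a checker that reports every rule a candidate password breaks. This is an added example, not code from the original post; it interprets "multiple" as at least two, and the dictionary word list and personal-info values are constructed stand-ins for a real dictionary or breached-password list.

```python
import re

# Constructed, deliberately tiny stand-in for a real dictionary or
# breached-password list; a production check would load a full one.
DICTIONARY_WORDS = {"password", "welcome", "summer", "letmein", "qwerty"}


def check_password(password, personal_info=()):
    """Return a list of guideline violations (an empty list means it passes).

    personal_info holds strings the user must not reuse, such as a birth
    year or a pet's name, matching the "guessable values" guideline.
    """
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not (re.search(r"[A-Z]", password) and re.search(r"[a-z]", password)):
        problems.append("needs both uppercase and lowercase letters")
    if len(re.findall(r"\d", password)) < 2:
        problems.append("needs at least two digits")
    if len(re.findall(r"[^A-Za-z0-9]", password)) < 2:
        problems.append("needs at least two symbols")
    lowered = password.lower()
    # Substring match, case-insensitive, so "Password12!!" is still caught.
    for word in sorted(DICTIONARY_WORDS):
        if word in lowered:
            problems.append(f"contains dictionary word '{word}'")
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append(f"contains guessable personal value '{item}'")
    return problems


if __name__ == "__main__":
    for candidate in ("Ab1!", "Password12!!xyz", "Tq7!bz#9Lm@w"):
        print(candidate, "->", check_password(candidate) or "OK")
```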