Phishing emails are one of the largest categories of cyber crime, which leaves many wondering how to identify phishing emails to protect themselves and their organization.
Simply explained, a phishing email is created to scam a user by getting them to click on a link, an attachment, or a picture. Once you click, you have given up access.
Here are some examples of phishing emails at their best!
Tech Support Scams
Over the years, many service providers have improved the customer experience by giving their clients more ways to reach their support teams. Unfortunately, cyber criminals imitate these channels, so users should watch for bad grammar, off colours, odd requests, or other details that do not fit, even when the message looks legitimate enough to click. Pay close attention in order to outsmart the cyber criminals.
Cyber criminals will often send malicious .HTML, .JS, .DOC, PDF, or even .XLS attachments. It is important to know that many subscription-based antivirus products assign .HTML files a low risk score, since .HTML files are not commonly associated with email-borne cyber attacks. In addition, financial institutions have used .HTML attachments in the past, so people are used to seeing them in their inboxes.
Files with Macros
Another big increase has come in malicious macros placed in documents attached to phishing emails, which has become a common delivery method. These documents may pass your anti-virus program. These phishing emails convey a sense of urgency to create the illusion that the matter is important and the recipient's action is needed. The goal is to get a click.
Social Media Exploits
Whether it be LinkedIn, Facebook, or Instagram, if you receive a message from an account that you are not familiar with, you should already proceed with caution. These messages may contain image files or links that spoof real links, such as YouTube.
Statistics Say it All
Ask anyone, including organizations, IT departments, managed IT services providers, managed security services providers, and IT consultants, and they will all tell you that phishing and cybercrime are at an all-time high.
So how do these cyber criminals send out all these phishing emails? One way is that they rely on lax security protocols at organizations.
There is no way to be 100% safe online, but you should try to make it as hard as possible for the cybercriminals.
And the phishing continues to attack…
Cyber security professionals recently analyzed 55.5 million emails. They reported that one out of every 99 messages contains a phishing attack, and 25% of those phishing attacks bypass the default security measures set up by IT departments and managed IT services providers.
The cyber security professionals reported the following four categories:
- 7 percent had malware
- 9 percent were harvesting credentials
- 8 percent were extortion emails
- 4 percent were spear phishing attempts
- 7 percent were marked as phishing emails
- 49 percent were marked spam
- 5 percent were whitelisted by admin configurations
- 25 percent were marked clean and successfully sent to the target user
Unfortunately, employees are the weakest link in the cybersecurity process:
- 52 percent of organizations know employees are the largest threat to cybersecurity
- 60 percent of employees have confidential data on their corporate device (financial data, email, database, etc.)
- 30 percent of employees have shared their login and password details with colleagues
- 23 percent of organizations do not have any cybersecurity rules or policies
Traditional user cyber security training programs fail to change user behaviour. It is important that everyone understands the security threats, and this is accomplished only through an effective cyber security education program.
To recap, here are some steps employees can take to protect themselves and your organization from phishing emails:
- Check the sender address: it may look legitimate, but review the sending address; if it looks odd, it is probably spam.
- Does the email ask you to click on a link or attachment? Check the sender address and the rest of the email for anything out of the ordinary, including spelling, grammar, and colours.
- Did you receive the email out of the blue? A company you have never heard of or a long-lost relative is trying to send you money? Simply mark it as junk and delete it.
- Does the email contain several misspelled words? It could be a phishing email.
- Does the email contain a threat (embarrassment or prosecution, for example)? It is a phishing email.
- Does the email appear to be from someone you know or an organization you do business with? Call the person at the number you know, not the number provided in the email, and verify that they sent it.
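The checklist above turned into a small triage script, added here as an example and not part of the original post: it parses one message with Python's standard email library and reports the sender-address, attachment, spoofed-link and urgency signals the post describes. The sample message, every address and host in it, and the keyword lists are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
RISKY_EXT = (".html", ".htm", ".js", ".doc", ".docm", ".xls", ".xlsm", ".pdf")  # types named in the post
PRESSURE = ("urgent", "immediately", "suspended", "prosecution", "embarrass")  # urgency/threat wording
LINK_RE = re.compile(r'<a[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_RE = re.compile(r"[\w.+-]+@([\w.-]+)")  # captures the domain of any address-like text

def host_of(url: str) -> str:
    return re.sub(r"^https?://", "", url.strip()).split("/")[0].lower()

def triage(raw: str) -> list[str]:
    # Returns findings for one raw RFC 5322 message; an empty list means nothing odd was seen.
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rsplit("@", 1)[-1].lower()
    # 1. Sender check: a domain shown in the display name that differs from the real sender domain.
    for shown in DOMAIN_RE.findall(display):
        if shown.lower() != from_dom:
            findings.append(f"display name claims {shown} but sender domain is {from_dom}")
    text = msg.get("Subject", "")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):  # 2. Attachment check.
            findings.append(f"risky attachment type: {name}")
        elif part.get_content_type() in ("text/plain", "text/html"):  # collect readable body text
            text += "\n" + part.get_payload(decode=True).decode(errors="replace")
    # 3. Link check: the visible URL names one site, the real target another.
    for href, label in LINK_RE.findall(text):
        if "://" in label and host_of(label) != host_of(href):
            findings.append(f"link shows {host_of(label)} but goes to {host_of(href)}")
    hits = [w for w in PRESSURE if w in text.lower()]  # 4. Urgency or threats in subject/body.
    if hits: findings.append("pressure wording: " + ", ".join(hits))
    return findings

# Constructed sample message; every address and host is a made-up placeholder.
SAMPLE = """\
From: "Bank Billing billing@bank.example" <alerts@mail-sec-update.example>
Subject: URGENT: your account will be suspended
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Verify immediately or face prosecution.</p>
<a href="http://youtube.example-login.test/watch">https://www.youtube.com/watch?v=abc</a>
--b1
Content-Disposition: attachment; filename="invoice.html"

--b1--
"""
```

Running `triage(SAMPLE)` returns one finding per signal; a message with a plain sender, no attachment, honest links and no pressure wording returns an empty list.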
Want to learn more on how to prevent Phishing emails? Contact BrickHost today!