Most people have heard of phishing emails, and if asked, they might point to the "Nigerian Prince" email scam, in which a stranger claims to need the recipient's help moving a large sum of money. Because most people have not fallen for that scam, they assume they are immune to such tactics.
However, your employees must understand that today's phishing scams are far more sophisticated and subtle than that. Anyone can fall victim to one of them, so vigilance is essential. There are many ways to detect a phishing email, but understanding the major signs will help your employees resist.
Before reviewing the top signs of a phishing email, it's important to understand what the attacker is trying to do. Unlike the "Nigerian Prince" scam, most attackers don't expect you to hand over banking information. The tactics have changed. Modern email phishing typically has at least one of four goals. They want to get the victim to:
By far the most common goal is the last category: credential theft. The attacker clones a real website the victim is likely to use, such as a social media site, bank, or other online service. If the victim enters a user ID and password into the fake site, the attacker captures those credentials and logs into the real site as the victim. On a banking or other high-value site, the attacker can move money, open credit accounts in the victim's name, and cause further damage. More important, because many people reuse the same ID and password across multiple websites, the attacker will try those same credentials elsewhere as well (a technique known as credential stuffing).
Inspiring Fear: In addition to urgency, the attacker needs to convince the victim that they will face dire consequences if they are slow to respond. The email may claim the victim is in legal jeopardy, that a personal account has been hacked, or that their job or reputation is at risk. Ironically, these phishing emails are often dressed up as cybersecurity warnings, asking the recipient to log in to "verify" that the account has not been compromised, which is exactly how the attacker captures the login.
Inspiring Greed: Most people know not to fall for a scam promising a million-dollar payout, but more modest offers still play on greed effectively. A simple phishing email offering a coupon or a small gift card for coffee can be far more effective at getting people to click a link and log in, or to open an attachment. Because legitimate advertising promotions use the same format, victims are often not alert to the risk.
Unfamiliar Tone or Greeting: Because English, especially business English, is a second language for many attackers, their emails often strike an awkward or inappropriate tone. A salutation such as "My dearest Sir or Madam" is a tipoff that the writer is unfamiliar with modern American business English. A polished email is not proof of legitimacy, however; many attackers now write fluent English, so treat this sign as one clue among several.
Spelling, Grammar, and Terminology Errors: Again, because English is a second language for many attackers, they often struggle with basic grammar and spelling. Terminology errors are often the more reliable tell, especially when the wording sounds pretentious. A simple invoice for contract work, for example, is rarely called a "statement of indebtedness."
Inconsistent Links, Email Addresses, and URLs: This is one of the most reliable ways to detect a phishing email, but it requires some knowledge. An attacker spoofing a well-known organization may register a domain that looks similar to the real one, and the link's visible text may show the legitimate address while the underlying link points somewhere else. Hover over a link (or long-press it on a mobile device) to see the real destination before clicking.
For example, they might replace a lowercase "L" with the number "1" so that "Apple.com" becomes "App1e.com", or place the brand name in front of an unrelated domain, as in "apple.com.example-login.net", where the site actually belongs to example-login.net. If unsure, type the organization's URL directly into the browser rather than clicking the link in the email. Check the sender's actual address as well, not just the display name: an attacker claiming to represent a large organization may be sending from a free Gmail or similar account.
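As an added example (not part of the original post and not Calance code), the following Python script applies the link and sender checks described above to a constructed sample message. It compares each link's visible text against its real destination, normalizes common look-alike substitutions such as "1" for "l" so that "app1e.com" is recognized as imitating "apple.com", flags a brand name embedded as a subdomain of an unrelated domain, and flags a sender whose display name claims a trusted brand but whose address is a free webmail account. The trusted-brand and free-mail lists are assumptions for the example, and the "last two labels" registrable-domain rule is deliberately crude; a production filter would use a public-suffix list so that domains like example.co.uk are handled correctly.

```python
"""Flag sender and link inconsistencies in a raw email (example code, not Calance's)."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list of brands this organization legitimately receives mail from.
TRUSTED_DOMAINS = {"apple.com", "paypal.com", "microsoft.com"}
# Assumed list of free webmail providers a large organization would not send official mail from.
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
# Characters commonly swapped for the letters they resemble ("App1e" -> "Apple").
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "|": "l"})


def normalize(host: str) -> str:
    """Undo common look-alike tricks so 'app1e.com' compares equal to 'apple.com'."""
    return host.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def registrable(host: str) -> str:
    """Crude registrable domain: the last two labels (ignores suffixes like co.uk)."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:])


def lookalike_of(host: str):
    """Return the trusted domain this host imitates, or None if it is not a look-alike."""
    reg = registrable(host)
    if reg in TRUSTED_DOMAINS:
        return None                      # the real domain, or a real subdomain of it
    labels = normalize(host).split(".")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        # 'app1e.com' normalizes to the brand; 'apple.com.login-verify.net' embeds it as a label.
        if normalize(reg) == trusted or brand in labels:
            return trusted
    return None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def visible_host(text: str):
    """Host named by the link's visible text, if that text looks like a URL or domain."""
    if " " in text or "." not in text:
        return None
    return urlparse(text if "://" in text else "//" + text).hostname


def analyze(raw: bytes) -> list:
    """Return human-readable findings for the sender and every link in the message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # Sender check: display name versus the domain the mail actually comes from.
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    claimed = [t.split(".")[0] for t in TRUSTED_DOMAINS if t.split(".")[0] in name.lower()]
    if claimed and domain in FREEMAIL:
        findings.append(f"sender: display name claims '{claimed[0]}' but address is free webmail {domain}")
    target = lookalike_of(domain)
    if target:
        findings.append(f"sender: domain {domain} imitates {target}")

    # Link checks: visible text versus real destination, and look-alike destinations.
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        href_host = urlparse(href).hostname or ""
        shown = visible_host(text)
        if shown and registrable(shown) != registrable(href_host):
            findings.append(f"link: text shows {shown} but points to {href_host}")
        target = lookalike_of(href_host)
        if target:
            findings.append(f"link: {href_host} imitates {target}")
    return findings


# Constructed sample message for the example; not a real captured email.
SAMPLE = b"""From: "Apple Support" <apple.support.team@gmail.com>
To: victim@example.com
Subject: Verify your Apple ID
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your account has been locked. <a href="https://app1e.com/verify">Click here</a> to verify.</p>
<p>Or visit <a href="https://apple.com.login-verify.net/id">https://apple.com/id</a></p>
<p>Questions? See <a href="https://support.apple.com/">support.apple.com</a></p>
</body></html>
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```

Run against the sample, the script reports four findings: the free-webmail sender posing as Apple, the "app1e.com" look-alike, the link whose text shows apple.com but resolves to login-verify.net, and that same link embedding the brand as a subdomain. The genuine support.apple.com link produces nothing, which is the point of comparing registrable domains rather than full hostnames.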
Suspicious Attachments: An email may carry a spreadsheet or Word document with embedded macros that infect the victim's computer when they are enabled. Treat any attachment from an unknown, or even merely unusual, source as suspect; your bank, for example, will not send you an unsolicited spreadsheet. A document that insists you click "Enable Content" or "Enable Editing" before it will display is a classic lure, because that click is what lets the macro run.
Unusual Request: If someone from a known organization sends an unusual request, such as a request to verify login information, treat it as suspect. In particular, if you receive a one-time access code by email or text and then a second message asking you to share that code, stop: legitimate services do not ask you to repeat a code back to them. It is likely an attacker who has triggered the "forgot password" flow on your account and needs the code to finish taking it over.
Sparse on Details: Attackers impersonating a company do not have the information the company holds on you, so they cannot include account numbers, purchase history, or similar details in an email. If an email mentions a previous transaction but provides no specifics, consider it suspicious. The attacker may be fishing for more information in order to steal your identity.
Unsolicited Responses: Unsolicited emails arrive in every mailbox daily as spam, and most people ignore them. However, an email that implies a previous relationship where none existed should be treated as suspect.
For example, if an email references a shipment in transit that you are not expecting, consider it suspect. Attackers frequently use fake shipping notifications to get you to click a link "for more details."
Phishing scams are more sophisticated than ever. Among other tactics, attackers use fear, greed, and urgency to get victims to open attachments, click links, enter credentials, and give up additional information.
However, you can protect your employees and organization from falling victim to these scams by getting phishing simulation and phishing awareness training from Calance. In addition, a vCISO can help manage the rollout of this training throughout your organization. Contact Calance today at www.calanceus.com to see how to get started.