Phishing emails are nothing new and have come a long way since the notorious “Prince of Nigeria” emails. In this article, we will discuss what phishing is, how to recognize it, and what steps you can take to protect your company and its assets.
What is Phishing
Phishing attacks attempt to trick the recipient into believing the sender is someone they are not, in order to obtain confidential information or install malware through links or attachments. Victims first receive an email from a source pretending to be someone they trust, such as their bank or another service provider. The goal of the email is to convince the victim to hand over sensitive information, such as credit card numbers, usernames, or passwords.
Phishing and Business
Today, businesses are usually protected by firewalls and other equipment that continually monitor their networks for suspicious or unauthorized activity. Unfortunately, even the best-designed firewalls are not enough to keep unauthorized users out. When defenders start building stronger walls, attackers start building bigger bombs. Similarly, when a security engineer deploys enterprise-grade firewalls, the attacker will likely resort to social engineering attacks, such as phishing, to gain a foothold in the network. Social engineering refers to manipulating people into giving up sensitive information, ideally without the victim even realizing they are doing something wrong. If the attacker can exploit the human element and persuade users to hand over sensitive information, then even the best cyber defenses can be rendered useless.
According to Proofpoint’s quarterly threat report, email-based threats have increased by 36% since the beginning of this year. Their researchers found that 52% of successful email attacks get their victims to click within an hour, and 30% within 10 minutes. If even one employee clicks on a malicious link or attachment in a phishing email, they could compromise the security of entire internal systems and allow unauthorized users to gain access to sensitive information.
What to look for
When determining whether an email is legitimate, it is particularly important to pay attention to who the sender is. Ask yourself whether this is the sort of email that person or company would send you, and whether their request for information seems reasonable. If you are ever unsure, it is best to contact the company separately and verify whether or not they sent the email.
In this example, the sender appears to be Apple, with the subject line “Your receipt document from Apple available.” The email also contains a PDF attachment. One of the first things you may notice is the bad grammar in the subject line. It is important to note that most phishing attacks originate outside the US. This means they must be translated, a process that often results in spelling and grammatical errors. Only a truly proficient speaker of English will get all of the grammar, spelling, and linguistic nuances right. Though programs such as Google Translate are getting better every day, they are still not perfect.
By examining the source of the email more carefully, we can see that this is not a legitimate Apple email address. In most cases, the sender’s actual email address is a dead giveaway of an email’s validity. The address may look legitimate at first glance but often fails to stand up under closer scrutiny.
Other signs include, but are not limited to:
- A lack of a company logo
- A distorted or pixelated company logo
- Poor spelling and grammar
The purpose of most phishing emails is to convince the user to click on an attachment or malicious link contained within the email. The attacker usually does this by creating a sense of urgency.
In the example below, the sender is trying to convince the recipient that they have only a limited time to redeem their Amazon reward. This pressure often leads recipients to overlook important signs of a phishing email. It is a very popular method, particularly in scams involving money.
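The checks described above (the display name claiming a brand while the real address belongs to another domain, urgency language, and a lure attachment) can be automated in a mail gateway or a triage script. The following Python is an added example and is not code from the original article or from any vendor it mentions. The brand allowlist, urgency phrases, the two sample messages and their addresses are all constructed for the example; a real deployment would maintain its own lists.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist: brands we expect mail from and the sender domains they use.
TRUSTED_SENDER_DOMAINS = {
    "apple": {"apple.com", "email.apple.com"},
    "amazon": {"amazon.com"},
}

# Phrases that create the "act now" pressure the article describes.
URGENCY_PHRASES = (
    "limited time", "act now", "within 24 hours", "immediately",
    "account suspended", "verify your account", "expires",
)

# Attachment types commonly used to carry lures or malware.
RISKY_ATTACHMENT_EXTENSIONS = (".pdf", ".exe", ".zip", ".html", ".js")


def sender_domain(header_value):
    """Return the domain of the real address in a From:/Reply-To: header, ignoring the display name."""
    _name, addr = parseaddr(header_value)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().strip()


def domain_matches(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def body_text(msg):
    """Concatenate the text/plain parts of a message (attachments excluded)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and part.get_filename() is None:
            payload = part.get_payload(decode=True)
            if payload:
                chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(chunks)


def triage_email(raw_message):
    """Return a list of phishing indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    from_header = msg.get("From", "")
    display_name, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)

    # 1. Brand impersonation: display name claims a brand, address domain does not match.
    for brand, allowed in TRUSTED_SENDER_DOMAINS.items():
        if brand in display_name.lower() and not domain_matches(domain, allowed):
            findings.append(f"display name claims '{brand}' but sender domain is '{domain}'")

    # 2. Reply-To pointing somewhere other than the apparent sender.
    reply_to = sender_domain(msg.get("Reply-To", ""))
    if reply_to and reply_to != domain:
        findings.append(f"Reply-To domain '{reply_to}' differs from sender domain '{domain}'")

    # 3. Urgency cues in subject or body.
    text = (msg.get("Subject", "") + " " + body_text(msg)).lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))

    # 4. Attachments of risky types.
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith(RISKY_ATTACHMENT_EXTENSIONS):
            findings.append(f"attachment '{fname}'")
    return findings


# Constructed sample modelled on the article's "Apple receipt" lure (addresses are fictional).
SAMPLE_PHISH = """\
From: Apple Support <receipts@apple-billing-notice.example>
Reply-To: collect@mail-drop.example
To: victim@corp.example
Subject: Your receipt document from Apple available
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="utf-8"

Your receipt is attached. Please verify your account within 24 hours or it expires.
--BOUNDARY
Content-Type: application/pdf; name="receipt.pdf"
Content-Disposition: attachment; filename="receipt.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--BOUNDARY--
"""

# Constructed sample of a benign message from an allowlisted domain.
SAMPLE_LEGIT = """\
From: Apple <no_reply@email.apple.com>
To: victim@corp.example
Subject: Your receipt from Apple
Content-Type: text/plain; charset="utf-8"

Thanks for your purchase.
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, triage_email(raw))
```

The phishing sample trips all four checks while the benign one trips none. Note that these are heuristics for prioritising review, not proof: a compromised legitimate account passes the domain check, and a careful attacker avoids the urgency phrases, which is why the article's advice to verify out of band still applies.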
How to Protect Yourself and Your Company
Protection starts with the user. Educating yourself and your employees and creating awareness is crucial to thwarting potential phishing attacks. You should also back up training with email attachment security solutions and antivirus scanners on both endpoints and servers. For optimal results, look for a system that identifies suspicious email based on the concept of “Anomalytics”. Anomalytics is a proprietary program from Proofpoint that looks for unusual patterns in digital traffic to identify suspicious emails, then rewrites the embedded URL and keeps a constant watch on the URL for in-page exploits and downloads.
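The URL rewriting mentioned above works by replacing each link in an inbound message with a link to a scanning gateway, so that the destination can be re-evaluated at click time rather than only at delivery. The Python below is an added illustration of that mechanism, not Proofpoint's implementation and not code from the article: the gateway address, the signing key and the sample HTML body are all constructed. The HMAC lets the gateway reject rewritten links that were forged or tampered with; the reputation check the gateway would perform on the recovered URL is outside the example.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlsplit

# Constructed secret for the example; a real gateway keeps this in a secret store.
GATEWAY_SECRET = b"example-only-rewrite-key"
# Hypothetical click-time scanning gateway.
GATEWAY_BASE = "https://urlcheck.example/v1"
# Simple href matcher for the illustration; production code should use an HTML parser.
HREF_RE = re.compile(r'href="(https?://[^"]+)"', re.IGNORECASE)


def sign(url):
    """Truncated HMAC-SHA256 over the original URL, bound to the gateway's key."""
    return hmac.new(GATEWAY_SECRET, url.encode(), hashlib.sha256).hexdigest()[:32]


def rewrite_url(url):
    """Wrap an original URL so that a click goes through the gateway first."""
    return f"{GATEWAY_BASE}?u={quote(url, safe='')}&s={sign(url)}"


def rewrite_html(body):
    """Rewrite every http(s) href in an HTML body. Returns (new_body, list of original URLs)."""
    originals = []

    def repl(match):
        originals.append(match.group(1))
        return f'href="{rewrite_url(match.group(1))}"'

    return HREF_RE.sub(repl, body), originals


def resolve_click(rewritten_url):
    """Gateway side: recover the original URL, or None if the signature does not verify."""
    qs = parse_qs(urlsplit(rewritten_url).query)
    if "u" not in qs or "s" not in qs:
        return None
    original = qs["u"][0]  # parse_qs already percent-decodes the value
    if not hmac.compare_digest(sign(original), qs["s"][0]):
        return None
    return original  # the gateway would now scan this before redirecting


# Constructed lure body modelled on the article's "limited time reward" example.
SAMPLE_BODY = ('<p>Claim your reward '
               '<a href="http://amazon-rewards-claim.example/redeem?id=42">now</a></p>')

if __name__ == "__main__":
    new_body, urls = rewrite_html(SAMPLE_BODY)
    print(new_body)
    print(resolve_click(rewrite_url(urls[0])))
```

After rewriting, the message no longer contains the raw destination, and a link that was edited after rewriting fails the signature check, so an attacker cannot simply point the gateway at a different site.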
Phishing attacks are one of the most common threats today because they work. We can mitigate them by educating ourselves and our employees on how to evaluate whether an email may be part of a phishing scam, and on what to do if they receive one. Ultimately, user behavior is difficult to predict, so we must assume there is a good chance a user will click on a malicious attachment or URL. This is where an email security solution, such as Proofpoint’s email security, which is partnered with VirtualArmour, comes into play. While educating users is the first line of defense against phishing scams, a good email security system is the last.