DON’T LET PHISHING SCAMS CATCH YOU UNAWARE

VirtualArmour Team

August 17, 2018

Phishing emails are nothing new and have come a long way since the notorious “Prince of Nigeria” emails. In this article, we will discuss what phishing is, how to recognize it, and what steps you can take to protect your company and its assets.

What is Phishing

Phishing attacks attempt to trick the recipient into believing the sender is somebody they are not, in order to obtain confidential information or install malware using links or attachments. Victims first receive an email from a source pretending to be someone they trust, such as their bank or another service provider. The goal of the email is to convince the victim to hand over sensitive information, such as credit card numbers, usernames, or passwords.

Phishing and Business

Today, businesses are usually protected by firewalls and other equipment that continually monitor their networks for suspicious or unauthorized activities. Unfortunately, even the best-designed firewalls are not enough to keep unauthorized users out. When defenders start building stronger walls, attackers start building bigger bombs. Similarly, when a security engineer deploys enterprise-grade firewalls, the attacker will likely resort to social engineering attacks, such as phishing, to gain a foothold in the network. Social engineering refers to manipulating people into giving you sensitive information, ideally without the victim even realizing they are doing something wrong. If the attacker can take advantage of the human element and get users to hand over sensitive information, then even the best cyber defenses can be rendered useless.

According to Proofpoint’s quarterly threat report, email-based threat trends have increased by 36% since the beginning of this year. Their researchers have found that 52% of these successful email attacks get their victims to click within an hour and 30% within 10 minutes. If even one employee clicks on a malicious link or attachment contained in a phishing email, they could potentially compromise the security of entire internal systems and allow unauthorized users to gain access to sensitive information.

What to look for

When determining if an email is legitimate or not, it is particularly important to pay attention to who the sender of the email is. Ask yourself if this is the sort of email that person or company would send you, and whether or not their information request seems reasonable. If you are ever unsure, it is best to reach out to the company separately and verify whether or not they sent the email.

Figure 1: An example of a phishing email

In this example, we see the sender is Apple with the subject of “Your receipt document from Apple available.” The email also contains an attachment for a PDF document. One of the first things you may notice is the bad grammar in the subject line. It is important to note that most phishing attacks originate outside the US. This means they must be translated, a process that often results in spelling and grammatical errors. Only a truly proficient speaker of English will get all of the grammar, spelling, and linguistic nuances right. Though programs such as Google Translate are becoming better every day, they are still not perfect.
By more carefully examining the source of the email, we can see this is not a legitimate Apple email address. In most cases, looking at the email address from the sender of the email is a dead giveaway to the validity of an email. The source of the email address may look legitimate at first glance but often fails to stand up under more intense scrutiny.

Other signs could include, but are not limited to:

  • A lack of a company logo
  • A distorted or pixelated company logo
  • Poor spelling and grammar

The purpose of most phishing emails is to convince the user to click on an attachment or malicious link contained within the email. The attacker usually does this by creating a sense of urgency.
In the example below, we see that the sender of the email is trying to convince the recipient that they only have a limited time to redeem their Amazon reward. This pressure will often lead the recipient to overlook important signs of a phishing email. This is a very popular method to use, particularly when it comes to scams involving money.

Phishing email example that uses urgency as a persuasion tactic
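
The signs discussed above (a display name that does not match the sending domain, an unexpected attachment, and urgency wording) can also be checked mechanically. The following Python sketch is an added example, not part of the original article or of any vendor product; the brand-to-domain map, the urgency phrases, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand name -> domains it really sends from; maintain your own list.
BRAND_DOMAINS = {"apple": {"apple.com"}, "amazon": {"amazon.com"}}
# Assumption: a small starter set of urgency phrases.
URGENCY = re.compile(r"limited time|expires? (today|soon)|act now|within \d+ hours", re.I)

def domain_ok(domain, allowed):
    # Exact domain or a true subdomain; "apple.com.billing.example" is neither.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def phishing_signs(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signs = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not domain_ok(domain, allowed):
            signs.append(f"sender-mismatch: name says {brand}, domain is {domain}")
    text = msg.get("Subject", "")
    for part in msg.walk():
        if part.get_filename():  # any named attachment is worth a second look
            signs.append(f"attachment: {part.get_filename()}")
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True) or b""
            text += "\n" + body.decode(part.get_content_charset() or "utf-8", "replace")
    hit = URGENCY.search(text)
    if hit:
        signs.append(f"urgency: {hit.group(0).lower()}")
    return signs

# Constructed sample messages (not taken from the figures on this page).
FAKE_RECEIPT = (
    "From: Apple <no-reply@apple.com.billing.example>\n"
    "Subject: Your receipt document from Apple available\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nYour receipt is attached.\n"
    "--b1\nContent-Type: application/pdf\n"
    'Content-Disposition: attachment; filename="receipt.pdf"\n\n%PDF-\n--b1--\n')
FAKE_REWARD = ("From: Amazon Rewards <promo@amzn-rewards.example>\n"
               "Subject: Redeem your Amazon reward\n\n"
               "Limited time offer: your reward expires today.\n")

if __name__ == "__main__":
    for sample in (FAKE_RECEIPT, FAKE_REWARD):
        print(phishing_signs(sample))
```

A message that trips none of these checks is not thereby proven legitimate; the checks only surface the cues a careful reader would look for.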

How to Protect Yourself and Your Company

Protection starts with the user. Educating yourself and your employees and creating awareness is crucial when it comes to thwarting potential phishing attacks. You should also back up training by employing email attachment security solutions and antivirus scanners on both endpoints and servers.

For optimal results, look for a system that identifies suspicious email based on the concept of “Anomalytics”. Anomalytics is a proprietary program from Proofpoint that looks for unusual patterns in digital traffic to identify suspicious emails, then rewrites the embedded URL and maintains a constant watch on the URL for in-page exploits and downloads.

Conclusion

Phishing attacks are one of the most common threats today because they work. We can mitigate these threats by educating ourselves and our employees on how to properly evaluate whether or not an email may be part of a phishing scam, and what they should do if they receive a phishing email.

Ultimately, user behavior is difficult to predict, so we must assume that there is a good chance the user will click on malicious attachments or URLs. This is when an email security solution, such as Proofpoint’s email security, which is partnered with VirtualArmour, comes into play. While educating users is the first line of defense against phishing scams, a good email security system is the last defense.
