Fishing (noun) an activity of catching fish, either for food or sport. Many of us enjoy fishing as a relaxing activity during the summer or while on a family vacation.
Phishing (noun) the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Not a relaxing activity whenever it occurs, especially when you are the phishing catch!
You may think you are smart enough not to be lured by a phisher’s bait, but unfortunately, phishing emails are getting much more sophisticated and harder to recognize than you may think. Most phishing emails appear completely legitimate, often by imitating a company’s logo using high-quality graphics and including opt-out instructions. For this reason, it’s quite common to be fooled.
The cybersecurity company SiteLock has published a summary of recent phishing lures and how to protect against them.
Common Phishing Trends and Techniques
- Invoice Phishing: Claims the recipient has an outstanding invoice from a well-known company, bank, or vendor and instructs them to click a link to pay it. The link leads to a look-alike payment page, and whatever is entered there (card numbers, online-banking logins) goes straight to the attackers, who use it to access the victim's accounts.
- Virus or Compromised Account: The recipient receives an email, supposedly from a third-party company, claiming that one of their accounts has been infected or compromised. The email instructs the user to log in to reset their password, or to download a form, fill in their personal information, and return it. A legitimate company will never request your password or personal information through email in this manner.
- Payment and Delivery Scam: An email that appears to come from a legitimate vendor asks for the user's credit card information, typically claiming that the payment details must be updated before an order can be delivered. Be careful with these emails, especially if you haven't purchased anything from the vendor.
- Downloads: The email instructs the recipient to click a link, and the link (or an attachment) downloads a malicious file onto the user's computer. Never click an email link unless you are sure the sender is who they claim to be, and hover over the link first to see where it really leads.
Following are some good tips from phishing.org on recognizing phishing bait in your email. Be on the lookout for the following:
FROM (SENDER) LINE:
- If you don’t recognize the sender’s email address as one you ordinarily communicate with
- If the email is from someone outside your organization and it's not related to your job
- If the email was sent from someone inside the organization or from a customer, vendor or partner and is unusual or out of character
- If the sender’s email address is from a suspicious domain (like micorsoft-support.com)
- If you don’t know the sender personally
- If you don’t have a current or prior business relationship with the sender
- If the email is unexpected or unusual and contains an embedded hyperlink or attachment from someone you haven't communicated with recently
TO LINE:
- If you were cc'd on an email sent to one or more people, but don't personally know the other people it was sent to
- If you received an email that was also sent to an unusual mix of people. For example, a random group of people in your organization whose last names start with the same letter.
DATE:
- If you receive an email you would normally get during regular business hours, but it was sent at an odd time (like 3 AM)
SUBJECT LINE:
- If you get an email with a subject line that is irrelevant or does not match the message content
- If the email message is a reply to something you never sent or requested
ATTACHMENTS:
- If the sender includes an email attachment that you are not expecting, the attachment makes no sense in relation to the email message, or the sender doesn't normally send this type of attachment
- If the attachment has a potentially dangerous file type (executables, scripts, macro-enabled Office documents, archives, disk images). A plain .txt file is the lowest-risk type, but check the full file name before trusting it: a double extension such as invoice.txt.exe is an executable, and Windows hides known extensions by default, so it can display as invoice.txt
CONTENT:
- If the sender is asking you to open a link or attachment to avoid a negative consequence or gain something of value
- If the email is out of the ordinary, has bad grammar or spelling errors
- If the email asks you to look at a compromising or embarrassing picture of you or someone you know
- Any time you have an uncomfortable gut feeling about a request to open an attachment or click a link
The last point is the most important: if it smells like phish, it probably is. Take the time to research the sender, or call them on a number you already know rather than one given in the email, to confirm you're not being reeled into a trap. Phishing remains one of the most common types of cybercrime and causes major financial losses to individuals and companies, and phishing emails keep getting more sophisticated and harder to detect. Take time to learn the techniques and warning signs, and educate your employees on them.
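As an added example (not from the article or from phishing.org), the following Python script applies several of the tips above to a raw email message: a look-alike sender domain, an odd send time, a "Re:" subject with no thread headers, a risky attachment hiding behind a double extension, and a link whose visible text names a different host than its real target. The trusted-domain and brand lists, the business-hours window, the extension list and the sample message are constructed assumptions; a real deployment would feed it messages from a mailbox or mail gateway.

```python
# Added example (not from the article or phishing.org): score an e-mail against the
# sender, date, subject, attachment and link tips above. The trusted domains, brand
# names, business-hours window, extension list and sample message are assumptions.
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr, parsedate_to_datetime

TRUSTED_DOMAINS = {"microsoft.com", "paypal.com"}          # assumed legitimate senders
BRANDS = {"microsoft", "paypal"}                            # names look-alikes imitate
BUSINESS_HOURS = range(6, 21)                               # 06:00-20:59, header's own zone
RISKY_EXTENSIONS = {"exe", "scr", "js", "vbs", "hta", "bat", "cmd", "ps1",
                    "jar", "iso", "lnk", "docm", "xlsm", "html"}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)

def edit_distance(a, b):
    """Levenshtein distance: 'micorsoft' is 2 edits from 'microsoft'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_domain(domain):
    """Brand a sender domain imitates (micorsoft-support.com -> microsoft), else None."""
    if not domain or any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return None                                  # exact trusted domain or subdomain
    for token in re.split(r"[.\-]", domain):         # compare each label piece to each brand
        for brand in BRANDS:
            if len(token) >= 4 and edit_distance(token, brand) <= 2:
                return brand
    return None

def sent_at_odd_hour(msg):
    """The '3 AM' tip: Date header outside the assumed business-hours window."""
    try:
        return parsedate_to_datetime(msg["Date"]).hour not in BUSINESS_HOURS
    except (TypeError, ValueError):                  # missing or unparsable Date header
        return False

def fake_reply(msg):
    """Subject says 'Re:' but the threading headers a real reply carries are absent."""
    subject = msg.get("Subject", "").strip().lower()
    return subject.startswith("re:") and not (msg["In-Reply-To"] or msg["References"])

def risky_attachments(msg):
    """Executable/script types, including 'safe-looking' double extensions like .txt.exe."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        exts = name.lower().split(".")[1:]
        if exts and exts[-1] in RISKY_EXTENSIONS:
            note = " (double extension)" if len(exts) > 1 else ""
            findings.append(f"{name}: executable content{note}")
    return findings

def mismatched_links(msg):
    """Visible link text names one host while the href actually goes to another."""
    body = msg.get_body(preferencelist=("html",))
    findings = []
    for href, text in LINK_RE.findall(body.get_content() if body else ""):
        real, shown = HOST_RE.search(href), HOST_RE.search(re.sub(r"<[^>]+>", "", text))
        if real and shown and real.group(1).lower() != shown.group(1).lower():
            findings.append(f"link text shows {shown.group(1)} but points to {real.group(1)}")
    return findings

def analyze(raw):
    """Return the list of red flags raised by one raw RFC 822 message (bytes)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    brand = lookalike_domain(domain)
    flags = [f"sender domain {domain} imitates {brand}"] if brand else []
    if sent_at_odd_hour(msg):
        flags.append("sent outside business hours")
    if fake_reply(msg):
        flags.append("subject claims a reply but no In-Reply-To/References header")
    return flags + risky_attachments(msg) + mismatched_links(msg)

# Constructed sample that trips several tips at once.
SAMPLE = b"""\
From: Account Team <billing@micorsoft-support.com>
Subject: Re: Invoice 4471 overdue
Date: Tue, 12 Mar 2024 03:14:00 +0000
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<a href="http://micorsoft-support.com/pay">https://microsoft.com/billing</a>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.txt.exe"

ABC
--b1--
"""

if __name__ == "__main__":
    for flag in analyze(SAMPLE):
        print("FLAG:", flag)
```

Running it prints one FLAG line for each tip the sample trips. These are heuristics, not proof: the edit-distance threshold of 2 catches a transposition like micorsoft but needs the short-token floor so that every four-letter label does not match a brand, and the hour check only makes sense against a sender whose usual working hours you know. Treat any flag as a reason to verify the sender out of band, exactly as the last tip says.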