Understanding Email Phishing
Not long ago, email phishing was primarily aimed at the consumer market, and malware was considered the biggest threat to business. Today, however, email phishing is the top social attack on businesses. Because no cybersecurity solution can block 100 percent of attacks, employees need to understand what to look for to protect themselves from phishing attacks.
Below are some things employees should understand about phishing:
- Phishing Explained -- Phishing is a type of fraud in which a hacker impersonates a person or brand and tricks users into providing confidential information, such as social security numbers, routing or account numbers, passwords, etc. Phishing emails may ask for the information directly or direct the potential victim to a fraudulent website.
- Email Addresses Can Be Spoofed -- Never trust an email based simply on the purported sender. Cybercriminals have many methods to disguise emails. They understand how to trick their victims into thinking a sender is legitimate when the email is really coming from a malicious source. With display name spoofing, the phisher uses a legitimate company name as the display name, such as support@microsoft.com, but the actual sending address underneath is a random address like xyz@yahoo.co.
- Attacks Are Becoming More Targeted and Personal -- Many phishing attacks of the past were sent in bulk to a large group of users at once, resulting in impersonal greetings. Today’s phishers are including the victim’s name in the subject line and prefilling the victim’s email address.
- Links Aren’t Always What They Seem -- Every phishing email includes a link, but phishing links are deceptive. While the link text might say “Go to your Office 365 account,” the URL takes the user to a phishing page designed to look like Microsoft. Make sure to hover over all links before clicking them to see the pop-up that displays the link’s real destination.
- Hackers Use Real Brand Images and Logos in Phishing Emails -- Brand logos and trademarks are no guarantee that an email is real. These images are public and can be downloaded from the internet or easily replicated. Even antivirus badges can be inserted into emails to persuade victims that an email is from a legitimate source.
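
The display-name and link checks described above can also be automated on the mail-filtering side. The following is an added example, not part of the original article: it flags a From header whose display name embeds an address from a different domain than the real sender, and performs the "hover" check by listing each link's real destination host. The function names and the host login.example.net are hypothetical placeholders.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")              # address inside a display name
HOST_RE = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)  # hostname shown in link text

def display_name_mismatch(from_header):
    """Return (claimed_domain, real_domain) if the display name embeds an
    address from a different domain than the real sender, else None."""
    name, addr = parseaddr(from_header)
    claimed, real = ADDR_RE.search(name), addr.rpartition("@")[2].lower()
    if claimed and claimed.group(1).lower() != real:
        return claimed.group(1).lower(), real
    return None

class _Links(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def link_report(html):
    """Per link: (visible text, real host, True if the text names another host)."""
    parser = _Links()
    parser.feed(html)
    report = []
    for text, href in parser.links:
        host, shown = (urlparse(href).hostname or "").lower(), HOST_RE.search(text)
        report.append((text, host, bool(shown) and shown.group(1).lower() != host))
    return report

# Constructed samples: the addresses are the article's example; login.example.net is a placeholder.
SAMPLE_FROM = '"support@microsoft.com" <xyz@yahoo.co>'
SAMPLE_HTML = ('<a href="https://login.example.net/o365">Go to your Office 365 account</a>\n'
               '<a href="https://login.example.net/x">https://www.office.com/login</a>\n')
```

A link whose text contains no hostname, like the first one in the sample, is not flagged automatically; its real host is still reported so a reviewer can compare it with the brand the email claims to come from.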