Phishing Attacks – Smarter & More Common Than Ever

Image representing being phished

Phishing attacks – smarter & more common than ever

Cyber criminals are doing whatever it takes to get access to your personal details. Email is by far one of the simplest means of access for ackers to get into a computer network.

You can of course filter out your emails, but only to a small degree – otherwise you’d never receive any emails again!

Phishing is the act of tricking an email recipient into inadvertently sharing their data. The tactics by which these sorts of ‘cyber attacks’ are conducted are getting smarter all the time.

In turn, users need to get sharper – Look out for fraudulent emails and don’t get caught out.

 

How do they do it?

Counterfeiting an email address as though they were sent from someone else’s mailbox is regrettably very easy to do.

The email itself, (in many cases), isn’t perilous. You can simply erase it from your inbox.

The impairment comes from clicking any link implanted within or opening the attachment from the email. From this link or attached file, a virus, malware or malicious software will download and mount itself to your PC – quite often without the user being aware that anything has occurred.

See an example below, (with the victim sender’s details omitted), to which we refer to through this blog article.

What does it look like in my inbox?

The emails are very cunningly concealed. They will appear as any normal email would, with a tangible email address and could possibly contain an email signature & disclaimer from a real business. The contact may well be known to you and the sort of content contained within the email may be something that you would generally expect to see from that person. Deceiving you as the recipient into a false sense of security.

The email itself, however, is most likely to contain a doubtful link or discrete attachment, which is the bait to draw you into their grasp, by which they can enter your PC & steal your credentials. This hopefully would fluctuate from the sort of communication you would normally expect to receive (if at all) from this email address – helping it stand out as an email to be cautious of.

 

What should I look out for?

When you receive any new emails there are a few key things to check straight away, even if you know & trust the sender.

1. The sender’s name & email address.

Is it someone you know? Could you call them and check they meant to send you this email

2. Does the email contain an attachment?

If it is a PDF document, there’s a strong chance that you’re safe.

If it is a Word or Excel document, it may well contain a virus buried in a script that will run automatically once you open the file.

One thing to keep in mind is that you can’t tell from looking at the file whether it is genuine or malicious before you open it. If you do open it and it’s malicious, it’s typically too late.

3. Does the email contain any links?

Links are simple to check. Hover over the link and your computer will show the website destination where it will take you.

If the link appears to be the real website, or where you would expect to land, like in the example below, then it may well be genuine, but that is no guarantee!

With this example, the link takes you to a file hosted in a Microsoft OneDrive account. The email makes it look like this user did want to send you this file, which is stored in a trustworthy place. If the link appears to be of an untrusted source, it would naturally appear to be more suspicious, but on face-value, this example link appears to be legitimate.

Clicking the link to visit the website, which appears to be a real Microsoft OneDrive file share, you can see an overview of the document, which is apparently a PDF.

Upon further examination, however, hovering over the preview shows the Microsoft notification box with the “Open” button is entirely forged – it’s just an image, not a real notification box at all. Hovering anywhere over the open screen shows the entire image to be hyperlinked to a shortened URL, (via TinyURL), cleverly and simply camouflaging a malicious website.

Had the “Open” button been genuine and the document was able to be viewed within the browser it would have likely been entirely legitimate.

However, on this example, clicking this link does take you through to a virus infused website, leading to the recipient’s email accounts susceptible to being hacked.

In Conclusion

Always second check. Even if you believe to know the person that sent you the email.

Shadow our straight-forward 3-step checklist – sender’s name & email address, attachments and links. Read-through these three key things before taking any action with the email will help you remain protected.

 

Want to get the best of cybersecurity for your business?

Here at Techsolve, we work hard to understand our clients’ business and applying the most appropriate security technology to match their needs.

If you would like a free brief discussion about your operational challenges & to explore the threats to your business, please get in touch today – 0203 3 970 978 or drop us a line [email protected]