Recognizing Phishing Emails is the Key to Staying Safe

Phishing emails are becoming much more common.  No one is immune.  If you have an email account, you will receive a phishing email at some time or another.  So, what exactly is phishing and how do you recognize it?

“Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam.”  Webroot

The term ’phishing’ is a spin on the word fishing, because criminals are dangling a fake ’lure’ (the email that looks legitimate, as well as the website that looks legitimate) hoping users will ’bite’ by providing the information the criminals have requested – such as credit card numbers, account numbers, passwords, usernames, and more.”

Many phishing emails bypass anti-virus software as there is no malicious content in the email itself.  Rather, it is the link within the email that when followed, spoofs a website, or as in the case below, links to a legit site that contains a malicious file, and asks for the user to logon.  Once you logon to the fake site, your user name and password have been recorded.  So, learning to recognize and question phishing emails is extremely important.  In addition to phishing, file downloads using third party sites to host the malicious file is an increasing threat.  Remember Cyber Criminals work full time trying to trick you.

Phishing Emails, Malicious files – How Do You Recognize Them?

A phishing email that spoofs Office 365 has been extremely successful in harvesting user login info.

“Your mailbox has exceeded it’s mail-quota and due for upgrade.  To continue using your mailbox, Please upgrade to your extra 15GB  plan with just a single click without any charges”

A very successful phishing campaign involves Office 365.  By designing the message to look like it came from Microsoft and creating an urgency (possibly missing or losing email), this attack has resulted in a high volume of compromised accounts.  The first clue that this email is not legit is the incorrect use of grammar, punctuation and capitalization.  Microsoft would not sent out such a poorly written email.  By hovering over the action box and looking at the linked website, it will show that the site it is taking you to is not legit.

Transfering Malicious Files using a Legitimate Website

Email links to a legit website, however the download file is malicious.

Upon receipt, we need to question why “orders@amazon.com would be sending a file.  And why would they send it through wetransfer.com?  In this case, clicking on the link, takes you to a legit website wetransfer.com.  The download file has been deleted recently, but more than likely contained a virus.  Similar attacks have used Dropbox, Docusign and other legitimate sites.  Other versions of cyber attacks, appear to be from wetransfer.com (or Office 365, Docusign, ….) to take you to a spoofed website that looks legit and asks you to login.  Once you enter your login information, your account is compromised.

Stu Sjouwerman wrote an excellent article on how many phishing attacks fly under the radar and how to recognize them.  You can read it here.

Effective Training of Employees is your First Line of Defense

Executive IT Help offers an affordable security bundle to help protect your company from phishing emails and more.  We have seen incredible results from the Phishing training.  One customer had a 71% failure rate on the baseline phishing test of approximately 50 employees.  After a 15 minute online training and another simulated phishing test, the failure rate dropped to less than 5%.  Our phishing training is an affordable, valuable tool that educates your employees.   If you are interested in learning more about our security bundle,  please call us at 832-295-1411.