Email has evolved into a mission critical business function for many organizations, and for this reason, it has also become the primary mechanism used by cybercriminals to gain access to protected systems. One of the primary methods used by cybercriminals is a simple technique called “Phishing,” which is an attempt to acquire sensitive information by masquerading as a trustworthy source.
The term phishing was coined by hackers in the 1990s in reference to their process of using email to convince recipients into giving up their passwords or financial data. Phishing attempts have become widespread and extremely sophisticated over time. For cybercriminals wanting to reach the largest number of people electronically, email remains the favored approach.
In 2015, approximately 190 billion emails were in circulation each day, and on average, each business user sent and received 42 emails each day.
- The average email phishing rate in 2015 was 1 in 1,846.
- The average email malware rate in 2015 was 1 in 220.
- Office documents were the most popular malicious file type attached in phishing emails in 2015.
Malicious components of a Phishing Email
A file (Microsoft Office document, pdf or image file) attached to the email will contain malicious software called malware. Upon opening the attachment, the malware attempts to infect the machine or reach out to the Internet to download additional malware to the system.
Embedded links to websites –
The embedded link will appear to take recipients to a legitimate website. However, they will be redirected to a fake site that attempts to collect credentials and then pass recipients to the legitimate site. Many times, these fake sites also attempt to install malware onto the system.
Malware can be used to provide remote access to your system, steal information or even encrypt (make unreadable) the files on your computer and hold them for ransom (called ransomware).
Tips for identifying a Phishing Email
Not all phishing emails can be easily identified, but there are some basic attributes that can be used to raise the suspicion level of an email. If any of the statements below are true, delete the email or use extra caution before opening it.
Not recognizing the sender of the email.
The email is asking for personal or financial information.
The email wants the recipient to respond immediately or makes an urgent request for information.
The email includes upsetting or exciting statements, which are usually false, that want the recipient to act quickly.
The email wants the recipient to open an attachment or click on a website link that was not expected. This could be to view an article or video pertaining to any number of intriguing topics such as current social events, news tragedies or holiday sales. Other forms include a notification of fraudulent charges on a credit card, or that a cell phone or email account has been locked out.
Email safety tips
The easiest way to avoid falling victim is to delete any emails that can be identified as suspicious. If the email looks legitimate or is from a valid sender, consider the following safety tips.
- Never send financial or personal information (account numbers, social security numbers, credit card numbers, ID’s and passwords, tax identifier numbers, etc.) via email unless a form of email encryption is being used. This is a special type of email that scrambles the information so only the recipients can read it.
- Verify that website links embedded in emails are being directed to the correct website. Do this by placing the cursor over the link (do not click on the link). Hovering over the link will show you the real website in a pop-up window, or if using a web browser, it will be in the lower left hand corner.
- Contact the sender to verify that the email was legitimately sent to you. Instead of clicking on the link provided in the email, contact the sending party to obtain their legitimate website then manually type it in to the web browser.
- Consider using separate email accounts, one for business, one for financial institutions, one for friends and family and one for subscriptions and registrations.
- Run firewall and anti-virus/anti-malware detection programs on computer systems. These are subscription-based services and it is important to keep them up-to-date.
- Use different and complex passwords for each account that utilizes email addresses.
- Using the same password across accounts will compromise accounts if the credential is stolen.
- Never reply to a suspicious email as this will validate your email address as active.
When using hosted email services (Yahoo mail, Gmail, Outlook online, etc.) enable two-step verification. Once the password is entered, a prompt will ask to enter a randomly generated code that is sent to a mobile device.
- Phishing emails can be very sophisticated and convincing. Those who fall victim to a phishing email, should take action immediately.
Phishing victim action plan
- Notify the IT department or vendor of the organization to enact any Incident Response Plans (IRP) that may be in place.
- Scan the system with an anti-virus or anti-malware product.
- Change any account passwords that utilized the compromised credentials.
- Monitor any compromised accounts for suspicious activity or fraudulent charges.
- If financial account credentials were compromised, notify the appropriate financial institution or organizational representative.
2016 saw a variety of changes in cyber-attacks. The most significant change was the increase in the number of malicious mass mailings containing ransomware. Ransomware and other malware are now readily available on the black market; and, it has been forecasted that in 2017 the volume of malicious email is unlikely to decrease. 2 It is important for organizations and individuals to know that, even if they do not think they are an obvious target for cybercriminals, they are not immune. The tips outlined above will help prevent the success of cyber-attacks and help protect computer networks.
[i] Symantec Corporation. (2016, April). 2016 Internet Security Threat Report. Retrieved from https://www.symantec.com/security-center/threat-report
[ii] Gudkova, D., Vergelis, M., Demidova, N., & Shcherbakova, T. (2017, February 20). Spam and Phishing in 2016. Securelist. Retrieved from https://securelist.com/analysis/kaspersky-security-bulletin/77483/kaspersky-security-bulletin-spam-and-phishing-in-2016/