How Do Spoofing and Phishing Emails Affect the Digital World?
Since the mid-90s, cybercriminals have used phishing to obtain sensitive information, relying on deceptive emails and websites to trick victims into clicking malicious links, sending sensitive information or downloading infected attachments.
Phishing emails impersonate recognisable brands or people to make the recipient believe the message is important, convincing the user to click a malicious attachment or link, or to provide sensitive data, generally passwords or banking details.
Phishing emails cost organisations around the world $4.5 billion every year and over 50% of internet users receive at least one phishing email per day. They are more rampant than ever before, rising by more than 162 percent from 2010 to 2014.
The best defence organisations have in their arsenal against phishing attacks is to use the DMARC (Domain-based Message Authentication, Reporting and Conformance) standard to block malicious emails before they reach customers. Organisations should also work with vendors who can provide threat intelligence data that reveals attacks beyond DMARC.
Here are our top 10 tips on how to identify a spoofing or phishing email.
Tip 1: Check the email address; don’t trust display names.
A simple yet effective tactic used by cybercriminals is to spoof the display name of an email. Check the email address in the header ‘from’ field: if it looks suspicious, don’t open the email. If it doesn’t match the organisation’s domain, it’s clear the email came from outside that organisation.
Tip 2: Look before clicking.
A great way to check where a link really leads is to hover your mouse over any links embedded in the email. If the link address looks weird or doesn’t belong to the legitimate sender’s domain, don’t click on it.
Tip 3: Spelling and grammar matter.
Organisations are serious about their emails. Your bank, electricity provider or any other large organisation would not send an email with major spelling mistakes or poor grammar. Read the email, and if it seems suspicious, it probably is.
Tip 4: Don’t give up personal credentials.
Banks and most other companies will not ask for credentials via email. Don’t give them up. If unsure, go to the genuine login portal that you usually use to sign in; if there’s a notification, it will normally be displayed there.
Tip 5: Analyse the salutation.
Legitimate organisations will usually use a personal salutation with your first and last name. If it’s addressed to ‘valued customer’, avoid, avoid, avoid.
Tip 6: Don’t trust the email header.
Cybercriminals spoof brands and organisations in the header ‘from’ email address. Organisation studies found that nearly 30% of more than 760,000 email threats spoofed organisations within the header ‘from’ email address, with more than two thirds spoofing the brand in the email domain alone.
Tip 7: Don’t be sucked into urgent or threatening language.
These emails will generally invoke a sense of urgency or fear; this is a common phishing tactic. You will see this quite regularly with subject lines such as ‘account suspension’, ‘mailbox full’ or ‘unauthorised login attempt’. Beware of these subject lines: they are there to create urgency.
Tip 8: Don’t click attachments.
Don’t open any email attachments you weren’t expecting. Viruses and malware can be contained within malicious attachments, with the intent to damage files on your computer, steal your passwords or spy on your usage without your knowledge.
Tip 9: Check the signature.
Check the details in the signature. If it’s lacking details or alternative means of contact, it’s probably not legitimate. Organisations want you to contact them!
Tip 10: Things are not always what they seem.
These cybercriminals and phishers know what they are doing. They’ll copy and paste official-looking logos and language and present a valid-looking email address. Always be sceptical: if it looks even slightly suspicious, don’t open it, or contact your systems administrator for further clarification.
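Tips 1, 2 and 6 can be partly automated. The sketch below is an added example, not code from the original article: it flags a display name that shows a different domain from the real sender address, and link text that shows a different domain from the link's actual target. The sample message, its placeholder domains and the names `check_email`, `related` and `Links` are constructed for illustration, and the domain comparison is a simplification.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email); all domains are reserved placeholders.
SAMPLE = '''From: "support@examplebank.test" <alerts@mail-secure.invalid>
Subject: Unauthorised login attempt
Content-Type: text/html

<p>Sign in: <a href="http://login.mail-secure.invalid/a">www.examplebank.test/login</a></p>
<p><a href="https://www.examplebank.test/help">Help centre</a></p>
'''

DOMAIN = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")  # anything that looks like a hostname

def related(a, b):
    # Assumption: "same organisation" means same domain or parent/subdomain (no Public Suffix List).
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def check_email(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    # Tips 1 and 6: the display name is free text and may show a domain the sender does not use.
    findings = [f"display name shows {d}, sender is {sender}"
                for d in DOMAIN.findall(name.lower()) if not related(d, sender)]
    parser = Links()
    parser.feed(msg.get_payload())  # assumes a single-part HTML body
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        # Tip 2: what the link displays versus where it actually goes.
        findings += [f"link text shows {d}, target is {host}"
                     for d in DOMAIN.findall(text.lower()) if not related(d, host)]
    return findings
```

An empty result does not mean a message is safe: the header ‘from’ address itself can be spoofed, which is the gap DMARC enforcement is meant to close.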