A Breakdown on Email Phishing

Through our blogs, you’ve read about many attacks – viruses, malware, ransomware. Email phishing is yet another cyber attack you’ll want to take note of, because it’s quite common, especially during the holiday season.

Defining Email Phishing

Email phishing consists of fraudulent emails that pose as real sources (such as a store you frequent). These emails usually contain a link that sends you to a fake website, or they direct you to give up sensitive information, like login or credit card details. That information is used to commit identity theft.


Examples of Phishing Emails

[Image: email phishing]

Photo Credit: Infosec Institute

As the above example points out, there are three major issues with this email:

  • The email address is not a valid email address.
    Be sure to look out for missing letters or characters in email addresses.
    You can also investigate emails like these in other ways. Determine whether you are signed up for their email list. If you’ve received emails from Amazon or other companies before, look at the addresses those emails came from and see whether they match the sender of the potentially suspicious email you received.
    And of course, if you’ve never received emails from that company before, more than likely, it’s a fraudulent email.
  • The greeting is generic. Modern-day marketing technology can easily insert your name into greetings, so expect emails that you’ve signed up for to feature a custom greeting.
  • The link does not go where its text suggests. As the image suggests, reveal the true destination of the link by hovering over its text. If it’s not the same as the text and looks foreign like the one above, don’t click it.
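
The same three checks can be run over a reported message without opening it in a mail client. The Python below is an added example, not part of the original post: the names red_flags, in_domain and LinkCollector, the greeting pattern and the sample message are assumptions made for illustration, and expected_domain is the domain you already know the real sender uses.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC_GREETING = re.compile(r"\bdear\s+(customer|user|client|member)\b", re.I)  # assumed, non-exhaustive
# Constructed sample message (not a real email); .example is a reserved TLD.
SAMPLE = """\
From: Amazon <service@amaz0n-orders.example>
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p><p>Confirm at <a href="http://login.pay-update.example/v">www.amazon.com/account</a></p>
"""

class LinkCollector(HTMLParser):  # gathers (visible text, href) per <a>: what hovering would reveal
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain (not a look-alike suffix)."""
    return ("." + (host or "").lower()).endswith("." + domain)

def red_flags(raw_message, expected_domain):
    """Apply the three checks from the list above; return the findings."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    flags = ["greeting: generic"] if GENERIC_GREETING.search(body) else []
    sender = parseaddr(str(msg.get("From", "")))[1]
    if not in_domain(sender.rpartition("@")[2], expected_domain):
        flags.append(f"sender: {sender}")
    collector = LinkCollector()
    collector.feed(body)
    for text, href in collector.links:  # report the real destination next to the shown text
        if not in_domain(host := urlparse(href).hostname, expected_domain):
            flags.append(f"link: '{text}' -> {host}")
    return flags
```

Calling red_flags(SAMPLE, "amazon.com") reports all three issues. Links with no hostname, such as relative or mailto: links, are also reported, with the destination shown as None.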

[Image: email phishing]

Photo Credit: MIT

If you receive an email claiming to be from the IRS, DO NOT ACT. The IRS clearly states that it will not initiate contact with taxpayers by email.

As in the Amazon example, other red flags within this email include a generic greeting. And of course, hovering over the link will most likely reveal a destination that is not an IRS site. Also, note that there is unusual spacing in the tax refund amount.

Categories of Email Phishing

Mass-Scale Phishing

This is where the examples above would fall. These are the most common attacks. They’re very generic and are spread to many people.

Spear Phishing

This is a targeted method that goes after particular individuals or groups. It uses as much personal information as possible within the email to make the attack more believable.

Whaling

This is another targeted method that specifically attacks major entities, such as CEOs and executives, to gain sensitive company and personal information.

What to Do If You Experience Email Phishing

Though these methods of attack are very common and quite sneaky, it’s not the end of the world, especially if you don’t act on them.

  • Contact the ACTUAL company/agency/etc. that contacted you.
    The easiest way to do this is by going to their website, visiting their “contact” page, and contacting whatever number or email address they have listed.
  • Report email phishing scams.
  • Train Your Employees. OSG’s training products do an excellent job of breaking down the methods, examples, and impacts of email phishing, and in turn protect your network.
  • Invest in managed security services. OSG has specialized in comprehensive IT security services for 18 years and counting. We provide support to ensure that your network is protected around the clock.

Protect your company from email phishing and other vicious cyber attacks. Get started today.