It is estimated that more than 100 billion emails are sent every day
And If it feels like you receive impostor emails faster than you can hit delete, you are not alone. Hackers and Scammers love to send fake emails. Mixing them right in with authentic emails, and your wondering if you can afford to ignore them. Or at least, you think those emails actually came from your friends and family, on-line stores or your bank. How can you know they are legitimate and not actually an email scam or what we call a "Phishing Scam"
Phishing is a large scale attack where a hacker will forge emails, so it looks like it came from a legitimate company (e.g. your Bank or PayPal). With the intention of tricking the unsuspecting recipient into downloading malware or entering confidential information into a phishing website
(A website pretending to be legitimate which actually is a fake website used to Scam people into giving up their information)
Phishing attacks can be sent to numerous email recipients in the hope that even a few responses will lead to a successful attack
Spear Phishing is phishing, but normally involves a specific attack against an individual or organization. The "Spear" refers to a spear hunting style of attack. Often with spear phishing, the attacker will impersonate an individual or department from within the organization. For an example you may receive an email that looks like it is from your IT Department saying you need to re-enter your passwords on a specific site, or maybe one from the HR department with a “new benefits package” attached
Phishing poses a big threat because it can be very difficult to identify these types of emails. Studies have found as many as 94% of employees can not tell the difference between real and phishing emails. Because of this, as many as 16% of people click on the attachments in these emails, which can contain malware. Just in case you think this might not be that big of a problem
A Data Breach Investigations Report’s Phishing Statistics, 30% of phishing messages are opened by targeted users, and 12% of those users click on the malicious attachment or link
A recent study from Intel found that a whopping 95% of attacks on enterprise networks are the result of successful spear phishing
According to the Webroot Threat Report, nearly 1.5 million new phishing sites are created each month
Clearly spear phishing or scam emails should not be taken lightly
It is difficult for most people to tell the difference between real and fake emails. While most of the time, the obvious clues are misspellings and or .exe file attachments. Other emails have hidden EXE attachments. One such popular example is having a "Word" file attachment which executes a macro once opened is impossible to spot but just as fatal
In a study by Kapost, it was found that 96% of CEO and Executives worldwide failed to tell the difference between a real and a phishing email 100% of the time. Even security conscious people can still be at risk. And the risk is higher if there is not any knowledge on this subject
Simple by downloading an SMTP tool I can create a fake email address I can start sending fake emails from almost any email program. This is just how easy it is for a hacker to create an email address and send you a fake email where they can steal personal information from you. The truth is that any business name, or even you can be impersonated anyone and anyone can impersonate you without too much difficulty
A few guidelines that can help you spot the real from the fake email
Impersonal, Generic Greetings
A few examples are “Dear user” or “Dear [your email address]”
Emails such as from PayPal will always address you by your first and last names or by your business name
They never use greetings like "Dear user" or "Hello PayPal member"
If there's a link in an email, always check it before you click. A link could look perfectly safe like
https://rshweb.com/blogs-articles
But if you hover your mouse over the link to see the actual destination:
http://spoffingyou.com/we-just-got-you
If you are not certain, do not click on the link. Just visiting a bad website can and will infect your machine
Do not EVER open an email attachment unless you are sure of who it came from, or you know it is legitimate and safe. Be particularly careful of "Invoices" from businesses you are not familiar with. Some attachments contain viruses that install themselves when opened
Phishing emails can warn you that your account needs to be updated immediately. They are hoping you will fall for their sense of urgency and ignore warning signs that it is just another fake email
"Your Account Has Been Locked"
"Suspended Account"
"Your account is about to be suspended"
"You've been paid"
"You have been paid too much"
"Update Your Official Record"
"Click to Learn More"
"Restart Your Membership"
"You Missed a Delivery"
"Confirm Your Account"
"Tax Refund"
"Refund Due to System Error"
"Click to See Your Revised Salary"
Sent "From" Recipient's Bank
Sent "From" Recipient's CFO
Sent "From" Recipient's CEO
Many phishing emails only need just one click to give the Hacker access to your computer system
A few more tips to remember
Do not trust the display name
Do not click on links you do not know who sent you the email
Look for spelling mistakes
Beware of urgent or threatening language, especially in the subject line
Review the signature
Never click on attachments
Do not always trust the header from email address
A Digital Certificate is similar to a virtual passport. It tells them that you are who you say you are. Digital Certificates are issued by Certificate Authorities (CAs). In the same way a government would check your identity before issuing a passport, a CA will have a process called vetting which determines you are the person you say you are. There are multiple levels of vetting. At the simplest form, we check that the email is owned by the applicant. On the second level, we check identity (like passports etc.) to ensure they are the person they say they are. Higher vetting levels involve also verifying the individual’s company and physical location
June O
Nice post RSH Web. It is very helpful for new users
Rob P - Argentina
Thank you for covering the phishing topic
Tweet Share Pin Email