No, we are not talking about going on a fishing charter in the Florida Keys. We are focusing on a Cyber Security phenomenon that is “Today’s New Normal,” and no, we are not talking about the Covid-19 term; this is a Cyber Security Term that is defined as:
Definition of phishing: a scam by which an Internet user is duped (as by a deceptive e-mail message) into revealing personal or confidential information, which the scammer can use illicitly.
… and, no doubt, how to avoid it. Phishing is still the most prevalent cyber threat in the world.
3 billion fraudulent emails are sent every day to compromise sensitive information. And according to the 2021 Phishing Benchmarks Global Report, 1 in 5 phishing email recipients is prone to clicking on attached malicious links.
Detecting and preventing phishing emails from reaching your inbox is a critical component of good cybersecurity. It is important to understand the different types of phishing emails and the warning signs to look for in each scenario.
What is a phishing email?
Phishing emails are messages in which cybercriminals use trickery to steal sensitive information from users and organizations.
Phishing victims are tricked into disclosing information they know they should keep secret. Because they trust the apparent source of the request and believe that the parties are acting in good faith, victims of phishing emails usually respond without hesitation.
In a phishing email, cybercriminals will typically ask for your:
- Date of birth
- Social security numbers
- Phone numbers
- Credit card details
- Home address
- Password information (or what they need to reset your password)
Cybercriminals then use this information to impersonate the victim and apply for credit cards or loans, open bank accounts and engage in other fraudulent activity.
Some cybercriminals use the information collected by a phishing email to start a more targeted cyberattack, such as a spear phishing or business email compromise incident, that relies on knowing more about the victim.
How Does Phishing Happen?
Phishing happens when a victim replies to a fraudulent email that demands urgent action.
Examples of requested actions in a phishing email include:
- Clicking an attachment
- Enabling macros in a Word document
- Updating a password
- Responding to a social media connection request
- Using a new WiFi hot spot
Every year, cybercriminals become savvier with their phishing attacks and have tried and tested methods to deceive and steal from their victims. According to 2021 data from Verizon, hackers took advantage of the COVID19 pandemic to increase the frequency with which phishing emails were sent out as part of cyberattacks.
Since phishing attacks come in many different forms, differentiating one from a valid email, voice mail, text message, or information request can be difficult. For this reason, phishing simulations are an ideal way to test users’ knowledge and boost organization-wide levels of phishing awareness.
Examples of Different Types of Phishing Attacks
Just like everything else on the internet, phishing email attacks have evolved over the years to become more intricate, enticing, and tougher to spot.
To successfully identify and flag a suspicious message in a mailbox, all users should be familiar with the different forms of a phishing email.
Phishing emails still make up the majority of annual data breach lists worldwide. Phishing emails are designed to appear to come from a legitimate source, like Amazon customer support, a bank, PayPal, or another recognized organization. Cybercriminals hide their presence in little details like the sender’s URL, an email attachment link, etc.
This more targeted phishing email attack relies on data that a cybercriminal has previously collected about the victim or the victim’s employer. Typically, spear phishing emails use urgent and familiar language to encourage the victim to act immediately.
Relying on carefully worded phishing emails, this attack includes a link to a popular website. The link takes victims to a spoofed version of that website, designed to look like the real one, and asks them to confirm or update their account credentials.
Cybercriminals send phishing emails that include links to fake websites, such as the mobile account login page for a known mail provider, asking the victim to enter their credentials or other information into the fake site’s interface. The malicious website will often leverage a subtle change to a known URL to trick users, such as mail.update.yahoo.com instead of mail.yahoo.com.
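As an added example (not code from the original article), the following Python checker flags the kind of lookalike hostname described above: it compares each link found in an email against a constructed allowlist of the exact login hosts a brand really uses, and reports unexpected subdomains (mail.update.yahoo.com), brand names placed outside their real domain, character-swap lookalikes, and links whose displayed text names a different host than the one they point to. The allowlist, homoglyph table and sample links are all constructed for this example.

```python
from typing import Tuple
from urllib.parse import urlparse

# Constructed allowlist: the exact login hosts each brand is known to use.
KNOWN_LOGIN_HOSTS = {
    "yahoo": {"mail.yahoo.com", "login.yahoo.com"},
    "paypal": {"www.paypal.com", "paypal.com"},
}

# Character swaps commonly used in lookalike names (1 for l, 0 for o, rn for m).
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o"})


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. A real deployment would use the
    Public Suffix List so that names such as example.co.uk are handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(href: str, shown_text: str = "") -> Tuple[str, str]:
    """Return (verdict, reason) for one link taken from an email body."""
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    if parsed.scheme not in ("http", "https") or not host:
        return ("suspicious", "link has no http(s) host")
    # 1. Exact match with a host the brand really uses.
    for brand, hosts in KNOWN_LOGIN_HOSTS.items():
        if host in hosts:
            return ("known", f"exact {brand} login host")
    reg = registrable_domain(host)
    normalized = reg.translate(HOMOGLYPHS).replace("rn", "m")
    for brand, hosts in KNOWN_LOGIN_HOSTS.items():
        brand_reg = registrable_domain(next(iter(hosts)))
        # 2. Brand name present, but either on a subdomain the brand does not
        #    use (mail.update.yahoo.com) or outside its real domain
        #    (yahoo.com.example.net).
        if brand in host:
            if reg == brand_reg:
                return ("suspicious", f"unexpected {brand} subdomain: {host}")
            return ("suspicious", f"{brand} used outside its real domain: {host}")
        # 3. Registrable domain that only looks like the brand (paypa1.com).
        if normalized == brand_reg and reg != brand_reg:
            return ("suspicious", f"lookalike of {brand_reg}: {reg}")
    # 4. Displayed link text names one host, the href points elsewhere.
    if shown_text:
        shown = urlparse(shown_text if "://" in shown_text else "http://" + shown_text).hostname
        if shown and shown.lower() != host:
            return ("suspicious", f"text shows {shown} but link goes to {host}")
    return ("unknown", "not a known brand host")
```

Run it over every href/anchor-text pair extracted from an incoming message; anything other than "known" deserves a closer look before the user is allowed to click.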
This example of a phishing attack uses an email address familiar to the victim, like the one belonging to the organization’s CEO, Human Resources Manager, or the IT support department. The email urgently asks the victim to act and transfer funds, update employee details, or install a new app on their computer.
Savvy cybercriminals hack a familiar website and include a fake website login page or popup that directs website visitors to a fake website.
With this advanced phishing attack, criminals gain access to a company web server and steal the confidential information stored on the server.
All it takes to install malicious software on a computer or company network is clicking an email attachment. These attachments look valid or may even be disguised as funny cat videos, eBook PDFs, or animated GIFs.
“Evil Twin” WiFi
Free WiFi access points are spoofed so that victims unknowingly log into the wrong WiFi hotspot. Commonly spoofed access points include those available in coffee shops, airports, hospitals, shopping malls, public parks, and other public gathering locations.
Mobile Phishing (Smishing)
A fraudulent SMS, social media message, voice mail, or other in-app message asks the recipient to update their account details, change their password, or tell them their account has been violated. The message includes a link to steal the victim’s personal information or install malware on the mobile device.
Voice Phishing (Vishing)
This scenario occurs when a caller leaves a strongly worded voicemail that urges the recipient to respond immediately and to call another phone number. These voice messages are urgent and, for example, warn victims that their bank account will be blocked if they do not respond.
This sophisticated email phishing attack tricks two people into believing they are emailing each other. In reality, hackers sit between them and send each party fake emails asking them to share information or update sensitive corporate data.
Practical Examples of Phishing Email Attacks
One of the common themes that runs through all types of phishing emails, including the example below, is the use of social engineering tactics. Like most phishing attacks, social engineering preys on the natural human tendency to trust people and companies.
This leads to many users failing to carefully review phishing email details and automatically trusting the sender’s request. Email phishing victims believe they’re helping their organizations by transferring funds, updating login details, or providing access to proprietary data.
(example of phishing email)
Make sure your colleagues are aware of these common examples of phishing emails:
An email from PayPal arrives telling the victim that their account has been compromised and will be deactivated unless they confirm their credit card details. The link in the phishing email takes the victim to a fake PayPal website and the stolen credit card information is used to commit further crimes.
Compromised Credit Card
The cybercriminal knows the victim made a recent purchase at Apple and sends an email disguised to look like it is from Apple customer support. The email tells the victim that their credit card information might have been compromised and asks them to confirm their credit card details to protect their account.
An urgent email arrives from the company CEO, who is currently traveling. The email asks the recipient to help the CEO transfer funds to a foreign partner. This phishing email tells the victim that the fund request is urgent and necessary to secure a new partnership.
How To Protect Against Phishing Emails
To protect against phishing emails, you need to raise awareness of how phishing happens. When people experience firsthand how easy it is to be tricked by what looks like a valid email, they are more likely to carefully review email details before automatically clicking Reply, an embedded link, or downloading an attachment.
To protect against phishing emails, remember these five keys to building a cyber secure aware culture:
Educate: use security awareness training and phishing micro learnings to educate, train, and change behavior.
Monitor:
Communicate: provide ongoing communications and campaigns about phishing emails, social engineering, and cyber security.
Integration: Make cybersecurity awareness campaigns, education, support, training, and project management part of your corporate culture.
You are trying to protect against email phishing attacks, and the same applies to colleagues, organizations, friends, and family. Everyone should be able to keep their information safe.
The best way to do this is to maintain an optimal level of cybersecurity awareness. The first step is to find out who is at risk of a phishing attack. Try our free phishing simulation tool to help build a cybersecurity culture.