About Phishing Emails

Most cyber attacks begin with an email

On this page we describe what phishing emails are and how to avoid phishing attacks.

Phishing emails take different forms, but they share the same concept: obtaining information that will lead to financial gain for cyber criminals. Many businesses are aware of the issue and have taken different measures to protect themselves (anti-virus, firewalls, sophisticated gateways and more), yet phishing emails and others still find their way to our mailboxes. Phishing emails can lead to data theft and ransomware, and can bring organizations to a complete shutdown.

Different studies show that most cyber attacks begin with phishing emails. Below we describe commonly known kinds of phishing emails and give tips on how to recognize and avoid phishing scams.

Known Phishing Emails
Bulk Phishing Emails

The most common type of phishing email. The email will look as if it was sent from a known entity such as your bank or cable provider (examples: ABN, Ziggo, UPS). These emails might ask you to confirm and send sensitive information (bank accounts, login details, etc.) or will have a link that redirects to a fake website.

What can you do?

  • Most companies will not ask you for sensitive information via email, so pay attention

  • Check the sender's email address (the From line; don't trust the display name)

  • Call the company (not the number in the email)

  • Look for grammar and spelling mistakes

  • Legit companies usually call you by your name

  • Ask yourself: is this something you are expecting?

 
Spear Phishing
The CEO Fraud

Cyber criminals customize their attack emails with the target's name, position, company, work phone number and other information in an attempt to trick the recipient into believing that they have a connection with the sender. By clicking on a malicious URL or email attachment you hand over your personal data. How do attackers gather information? Social media is the perfect place to harvest information (LinkedIn and other social networks). Studies show that in the business world approximately 75% of these attacks are sent to 10 mailboxes, thereby increasing the chances of a successful phishing campaign.

The CEO Fraud (whaling attack): spear phishers can target anyone in an organization, even executives. Methods such as email and website spoofing are used to push the recipient into taking specific actions, such as transferring funds to bogus accounts. An example of whaling happened to the Pathé cinema group in 2018 (article in Dutch news).

These attacks are also known as Business Email Compromise (BEC).

What can be done?

  • The points made in the previous section

  • Call to confirm the action; do not verify by replying

  • Integrate awareness programs into your organization; the attack is more likely to be sent to multiple recipients

  • Don't click on attachments or links

  • Install suitable cyber defense software (read more about it in services)

 
 
Clone Phishing

Clone phishing is when a hacker copies a legitimate email message that was sent from a trusted organization. The hacker alters the email by replacing or adding a link that redirects to a malicious, fake website.

 

Examples

  • sender@company.com was replaced with sender@company.org

  • The letter L (l) can be replaced with a capital I (I)

  • Fake landing pages. A page might look like Facebook, but if you check the URL it will not be a Facebook domain

 

What can you do?

  • Check for fake email domains

  • Pay attention to details; known senders will not change their font or start writing in italic

  • Verify, do not reply

  • Check logos

  • Review the link; if you suspect it, do not click it!
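
The sender checks from the lists above (look at the From address rather than the display name, and watch for a swapped ending or a swapped l/I) can be automated in a mail filter. The following is an added example, not code from this page's author; the trusted-domain list, the sample addresses other than company.com/company.org, and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: domains your organisation really corresponds with (constructed list).
TRUSTED_DOMAINS = {"company.com", "example-mail.com"}

# Look-alike characters folded to one form. Domains are case-insensitive, so a
# capital I standing in for a lowercase l arrives here as "i" after lower().
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(domain):
    """Fold visually confusable characters so look-alikes compare equal."""
    return domain.lower().translate(CONFUSABLES)


def name_part(domain):
    """Domain without its last label (naive: does not handle endings like co.uk)."""
    return domain.rsplit(".", 1)[0]


def check_sender(from_header):
    """Classify a From header against TRUSTED_DOMAINS and return a verdict string."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "invalid"
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in sorted(TRUSTED_DOMAINS):
        if skeleton(domain) == skeleton(trusted):
            return "lookalike-chars:" + trusted   # e.g. capital I instead of l
        if name_part(domain) == name_part(trusted):
            return "lookalike-tld:" + trusted     # e.g. .org instead of .com
    for trusted in sorted(TRUSTED_DOMAINS):
        # Display name claims a trusted sender, but the address is elsewhere.
        if name_part(trusted) in display.lower():
            return "display-name-mismatch:" + trusted
    return "unknown"


if __name__ == "__main__":
    samples = [  # constructed From headers
        "sender@company.com",
        "sender@company.org",
        "Billing <billing@exampIe-mail.com>",
        '"Company Support" <helpdesk@random-host.net>',
    ]
    for header in samples:
        print(f"{header!r:50} -> {check_sender(header)}")
```

A verdict other than "trusted" is a reason to verify through another channel, not proof of fraud; "unknown" only means the domain is not on the list.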

 
Vishing
Smishing

Vishing (Voice + Phishing). Vishing is a call in which individuals are tricked into revealing critical financial or personal information to cyber criminals. Like emails, telephone numbers can be spoofed. The numbers you see cannot be trusted: a call may look like it comes from a local number, but it can be made from anywhere on the planet. A good example is a voicemail telling you that your account has been compromised; this is a perfect way to provoke a response that leads to a trap.

 

There are no free gifts. Do not call back, even when they tell you that you have won the latest iPhone and all that is needed is some personal details.

Smishing (SMS + Phishing) is any kind of phishing that involves a text message. Oftentimes, this form of phishing involves an SMS text message with a link or a phone number. Most people are inclined to respond to texts. By clicking the link you may download malware to your phone, and all your data can be exploited.

How to avoid it:

  • If there's a doubt, it's probably correct

  • Do not automatically open links; read the message carefully and if it looks suspicious do not open it

  • Check online if someone already reported it

  • Both iPhone and Android have the option to block spam messages

 
 

© 2020 Magic Stone Cyber Security B.V Owner of mkbcyber.com 
