2022/10/22 IT & Cyber-Security Solutions
Phishing attacks are nothing new. Despite the availability of advanced detection technologies and secure email gateways, phishing remains a security problem that technology has not solved.
Attack groups continue to successfully infiltrate large organizations. Many security and risk experts agree that humans play an important role in stopping attackers before they can gain a foothold.
Phishing is an email attack that attempts to steal sensitive information through messages that appear to come from legitimate or trusted senders.
There are specific phishing categories, for example:
- Spear phishing uses targeted, customized content specifically tailored to the target recipient.
- Whaling is directed at executives or other high value targets within an organization for maximum effect.
- Business email compromise (BEC) uses fake trusted senders (financial officials, customers, trusted partners, etc.) to trick recipients into authorizing payments, transferring money, or divulging customer data.
- Ransomware that encrypts data and demands payment to decrypt it almost always starts with a phishing message. Anti-phishing protection doesn't help decrypt encrypted files, but it helps detect the initial phishing message associated with a ransomware campaign.
1. Emails Demanding Urgent Action
Attackers often demand urgent action to rush recipients into responding before they have had the opportunity to study the email for potential flaws or inconsistencies.
2. Emails with Bad Grammar and Spelling Mistakes
Many companies apply spell-checking tools to outgoing emails by default to ensure their emails are grammatically correct. Messages with obvious spelling or grammar mistakes should therefore arouse suspicion.
3. Emails with an Unfamiliar Greeting or Salutation
Emails exchanged between work colleagues usually have an informal salutation. Those that contain phrases not normally used in informal conversation should arouse suspicion.
4. Inconsistencies in Email Addresses, Links & Domain Names
Another way to spot phishing is by looking for discrepancies in email addresses, links, and domain names. Make sure that the emails you receive are from reliable sources that you regularly deal with. If so, compare the sender's address with previous emails from the same organization or source.
5. Suspicious Attachments
Most work-related file sharing today is done through collaboration tools like SharePoint, OneDrive, and Dropbox. Therefore, internal emails with attachments should always be treated with suspicion, especially if the extension is unknown or is often associated with malware (.zip, .exe, .scr, etc.).
6. Emails Requesting Login Information
Emails from unexpected or unknown senders requesting login credentials, payment information, or other sensitive information should always be treated with caution.
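Several of these signs can also be checked mechanically when triaging reported mail. The following is an added example, not code from the original article or from any vendor product: it flags signs 1, 4, 5 and 6 in a raw message. The keyword lists, the function names and every `.test` domain are illustrative assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Keyword lists are assumptions; the extensions are the ones the article names.
URGENT = re.compile(r"\b(urgent|immediately|within 24 hours)\b", re.I)
CREDS = re.compile(r"\b(password|login|credentials|payment)\b", re.I)
RISKY_EXT = (".zip", ".exe", ".scr")
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(value):
    """Hostname of a URL or bare domain, lower-cased; '' if unparseable."""
    value = re.sub(r"<[^>]+>", "", value).strip()
    try:
        return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()
    except ValueError:
        return ""

def phishing_signs(raw, known_domains):
    """Names of the article's warning signs that a raw RFC 5322 message trips."""
    msg, signs, body = message_from_string(raw), set(), ""
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            signs.add("risky_attachment")            # sign 5
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    text = msg.get("Subject", "") + " " + body
    if URGENT.search(text):
        signs.add("urgent_action")               # sign 1
    if CREDS.search(text):
        signs.add("requests_login_info")         # sign 6
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender not in known_domains:              # sign 4: unfamiliar sender domain
        signs.add("unfamiliar_sender_domain")
    for href, label in LINK.findall(body):       # sign 4: link text names another host
        if "." in host(label) and host(label) != host(href):
            signs.add("link_text_mismatch")
    return signs

# Constructed sample message (not real traffic); all domains are placeholders.
SAMPLE = (
    'From: "IT Helpdesk" <helpdesk@examp1e-support.test>\n'
    "Subject: URGENT: verify your mailbox\n"
    'Content-Type: text/html; charset="utf-8"\n\n'
    "<p>Confirm your password immediately at "
    '<a href="http://login.examp1e-support.test/reset">portal.example.test</a></p>\n'
)
if __name__ == "__main__":
    print(sorted(phishing_signs(SAMPLE, {"example.test"})))
```

Here `known_domains` stands in for the sender domains seen in previous emails from the same organization, which is the comparison sign 4 recommends.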
You can depend on Cofense PhishMe, a SaaS threat awareness training and escalation platform that trains, empowers and coordinates employees' awareness of phishing attempts by exposing them to realistic threat simulations that test their security awareness.
Fortunately, there are many excellent solutions for filtering malware, improving authentication, educating users, and blocking suspicious incoming messages. This has helped reduce risk.
However, phishing emails are usually sent to provoke emotions such as curiosity, sympathy, fear, and greed. When employees recognize these characteristics and are taught what to do if a threat is suspected, they will be able to recognize phishing emails and prevent attackers from infiltrating networks.
Ctelecoms can expertly utilize PhishMe to help Saudi companies of all sizes and industries to dramatically reduce the risks of phishing and related attacks caused by human error - while also giving users the skills and awareness to spot and report threats.