Over the years, phishing has become more and more popular, evolving in complexity since its conception in the 1990s. At its core, phishing is a type of cyberattack hackers use to obtain access to your private or sensitive information. Generally, a hacker will send an email that seems to be from a trustworthy source and includes a link to click or an attachment to download. A link directs whoever clicks it to a malicious website that asks for personal information, while a downloaded attachment infects their system with malware, such as ransomware, the current hacker go-to. The hacker then has complete access to your device via the malware or will be able to access your accounts using the personal information you gave on the scam site.
What Do Phishing Emails Look Like?
In the past, phishing emails were pretty easy to detect. They were usually poorly written, and because they were sent out en masse, they weren’t relevant to most recipients, making it easier for victims to identify them as criminal. Spam filters were also more likely to catch these emails before they even reached the victim’s inbox.
Today, however, hackers can individualize their emails by using targeting methods similar to those employed in legitimate online marketing ad campaigns. Before even infiltrating your system, hackers who want information specific to you can easily determine your email address, where you work, your position, and even the names of some of your colleagues. It’s also simple to find information like where you went to school or your personal interests. Once any of these details are collected, it’s easy to craft a believable email, seemingly from an organization you associate with or even from a specific person you may know. This tactic is called spear phishing.
Whale phishing uses spear phishing tactics to target senior executives in organizations who have access to the most sensitive information of a company. Typically, these employees will be authorized to make payments on behalf of the company. Because whaling campaigns are run to steal large sums, hackers invest time in researching specific information related to the organization, eventually producing an incredibly realistic email.
Keep in mind, targeted mail isn’t necessarily going to come from a name you recognize. You may receive a message from an organization you’ve not heard of that seems to be offering genuine seminars, money-making tips, or even trying to convince you that you’ve won a contest you forgot you entered.
Phishing and Cryptocurrency
Cryptocurrency has exploded in popularity in the last few years. Securelist reported that in 2017 its technology caught a large number of phishing emails, many of which contained scams focusing on cryptocurrency. Without going into technical details, these emails claim that cryptocurrency experts are hosting blockchain seminars to teach beginners how to mine cryptocurrency or buy into Bitcoin to make huge profits. Other emails contain links to fake cryptocurrency trading sites that claim to process cryptocurrency transactions and exchange cryptocurrency for real cash. Once the scammers receive the victim’s transfer, they cease contact, growing richer as each victim falls prey to their scam.
Identify a Phishing Email
Though phishing emails are becoming increasingly hard to identify, there are a few ways you can determine whether a suspicious email is in fact malicious.
- First check the spelling and grammar. Many hackers have upped their email authenticity game since the sloppy scams of the ’90s, but some phishing emails will still contain misspellings and grammatical errors. If your email has come from what you deem a credible source but is written unprofessionally, it’s possibly a phishing email.
- Pay attention to small details like the sender address or misspellings in link URLs. Oftentimes the sender address in a phishing email will be a bunch of arbitrary characters squished together and won’t even appear to be a valid email address. Some hackers rely on victims not verifying sender addresses. Hackers also generally use website addresses that are slightly different from a real and well-known address. For example, microsoft.com may become micros0ft.com, a minor detail that can easily be detected if the victim is paying attention. Note that seeing https in the URL is no longer a good indication that a site is secure: scam sites can now use https addresses, which used to belong only to safe sites.
- If it seems too good to be true, it is. In real life you aren’t just randomly selected to attend a free cruise and you can’t make thousands (or millions!) in minutes. Trust your instincts and don’t be fooled.
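The sender-address and link check from the list above can be automated on a mail gateway or in a reporting tool. The following is an added example, not part of the original article: it flags domains such as micros0ft.com that differ from a trusted domain by a look-alike character or a single typo, and it ignores whether the link uses https. The trusted list, the sample message and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains this organisation really deals with (constructed list).
TRUSTED = {"microsoft.com", "paypal.com"}

# Digits and digraphs often swapped in for similar-looking letters.
SWAPS = (("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("rn", "m"), ("vv", "w"))

# Constructed sample message, not taken from a real campaign.
SAMPLE_SENDER = "Account Team <security@micros0ft.com>"
SAMPLE_BODY = ("Sign in at https://login.micros0ft.com/renew or http://paypa1.com/verify "
               "(help: https://www.paypal.com/help, news: https://example.org/news)")

def registrable(host):
    """Naive 'last two labels'; production code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def skeleton(domain):
    """Collapse look-alike characters so micros0ft.com and microsoft.com compare equal."""
    for fake, real in SWAPS:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]

def verdict(domain):
    """Return 'trusted', 'lookalike:<real domain>' or 'unknown'."""
    if domain in TRUSTED:
        return "trusted"
    for real in sorted(TRUSTED):
        if skeleton(domain) == skeleton(real) or edit_distance(domain, real) <= 1:
            return "lookalike:" + real
    return "unknown"

def scan_message(sender, body):
    """Check the sender's domain and every linked host; the URL scheme is ignored."""
    hosts = [sender.rsplit("@", 1)[-1].strip("<> ")]
    hosts += [urlsplit(u).hostname or "" for u in re.findall(r"https?://[^\s\"'<>]+", body)]
    return {registrable(h): verdict(registrable(h)) for h in hosts if h}
```

A verdict of "unknown" only means the domain is not close to anything on the trusted list, so it still needs the other checks in this list.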
Keep Your Company Protected
The best way to ensure your employees and data are protected is to thoroughly train each member of staff on phishing scams. What should they look out for? Ask all employees to report suspicious emails to the IT team and ensure they know to inquire about any emails they’re confused about. Stress that they should not satisfy their own curiosity by clicking links or downloading attachments.
Another safety precaution all businesses should consider is a large-scale data backup and recovery plan to reduce downtime in case phishing malware is deployed. At StorageCraft, we will work with you to determine what your best plan of action is for all your company’s data before any disaster strikes. Contact us today for a free demo or to learn more about the StorageCraft® Recovery Solution™.