The Art of Phishing: How Cybercriminals Hook, Line and Sink Their Victims
Unsuspecting users around the globe are becoming easy prey to increasing cyber security threats. A task as simple as checking your email inbox is no longer the innocent act it once was.
Find out how hundreds of people are taking the bait and the disastrous consequences of those actions.
There is nothing quite like fishing: an open ocean, a fishing rod, and patiently waiting for your catch to take the bait. And there’s no greater feeling than discovering you’ve caught something worthwhile.
The art of email phishing is no different. However, in this scenario, the ocean is made up of thousands of email accounts.
On a daily basis, employees sit down at their desks with a hot cup of coffee and begin sorting through dozens of emails. Suddenly, an employee notices an important message from Human Resources (HR). The message directs the employee to a link and asks them to update their current personal information. Without a second thought, the employee completes the task, only to discover that all linked work accounts have been infected with malware. One by one, work files disappear as the culprit basks in their latest catch.
It Looks Like a Fish! Swims Like a Fish! But… is it a Phish?
Phishing emails usually hide behind familiar and reputable company brands, which explains why many of us fall prey to this tactic and relinquish personal information.
By understanding the victim’s trends and habits, scammers can obtain personal information by impersonating the victim’s bank or other organizations and claiming that they need to verify customer records because of a technical error. This type of phishing, known as Whaling and Spear Phishing, specifically targets large businesses and organizations due to the large number of customers available.
Cybercriminals can also use the pharming technique, where they lure their victims with the promise of a prize if they fill out a survey form with the necessary information. Another way this tactic is put into practice is when the scammer infects the victim’s computer with malware and leads them to a phony version of the legitimate website they are trying to visit. The malware redirects the user to the fake website even when the correct address is entered.
Phishing 101: How to Recognize a Scam
Real company emails never request sensitive and personal information.
Beware of emails with links or attachments that ask for passwords, credit card information, credit scores or other personal information.
Real company emails address you by your full name.
Phishing emails typically use generic greetings like, “Dear Customer,” “Dear Account Holder,” or “Dear Valued Member.”
Real company emails have proper domain names.
Check the sender’s email address to ensure legitimacy. Emails with alterations to the domain address, such as additional letters or numbers, are typical signs of fraudulent accounts.
Real company emails don’t have poor grammar.
Bad grammar in an email is a sure sign that you are dealing with a scammer, as most company emails are heavily scrutinized and edited before release.
Real company emails don’t force you onto their website.
Some phishing emails are coded in a way that forces a browser to open and automatically load a specific website.
Real company emails don’t include unsolicited attachments.
Unsolicited emails containing attachments are typically sent by hackers as a way of downloading malware onto your computer.
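Several of the checks above can be automated in a mail-triage script. The following is an added example, not part of the original article: the trusted-domain list, the 0.85 similarity threshold and the function names are assumptions made for illustration, while the greeting and sensitive-term lists come from the guidelines above.

```python
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions for this example: domains you expect mail from, and phrase lists.
TRUSTED_DOMAINS = ("example.com", "examplebank.com")
GENERIC_GREETINGS = ("dear customer", "dear account holder", "dear valued member")
SENSITIVE_TERMS = ("password", "credit card", "credit score")

def lookalike_of(domain):
    """Return the trusted domain that `domain` closely imitates, else None."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        # Near-identical spelling: an extra or substituted letter or digit.
        if SequenceMatcher(None, domain, trusted).ratio() >= 0.85:
            return trusted
    return None

def check_email(raw):
    """Return a list of warning strings for one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    findings, body = [], ""
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"sender domain {domain} resembles {imitated}")
    for part in msg.walk():
        if part.get_filename():
            findings.append(f"attachment: {part.get_filename()}")
        elif part.get_content_type() == "text/plain":
            body += part.get_content().lower()
    if any(g in body for g in GENERIC_GREETINGS):
        findings.append("generic greeting")
    hits = [t for t in SENSITIVE_TERMS if t in body]
    if hits:
        findings.append("asks for: " + ", ".join(hits))
    return findings

def build_sample(sender, text, attachment=None):
    """Construct a sample message (constructed test data, not a real email)."""
    m = EmailMessage()
    m["From"] = sender
    m.set_content(text)
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()
```

Calling `check_email(build_sample("Human Resources <hr@examp1e.com>", "Dear Customer,\nPlease confirm your password.", "form.zip"))` returns four warnings, one per guideline it covers.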
Learning and knowing more about email phishing can make all the difference when trying to distinguish what is phish bait and what isn’t.
So, the next time you are faced with a questionable message in your inbox, remember these guidelines and you may avoid becoming a victim of someone else’s phishing game.
Don’t forget! VPLS offers Email Security Services that will prevent phishing emails from even entering your inbox. If you want to keep up with the latest security trends and other IT-related products and services, please visit our blog and stay current with the latest news!