What is Email Phishing?

Email phishing is a technique in which cyber criminals craft seemingly legitimate emails and social media messages to trick people into providing confidential information such as usernames, passwords, and payment card details. They then use the details for fraud. These attacks are becoming more widespread, with studies revealing that almost 80,000 people fall victim to the scam daily and organizations lose millions of dollars as a result. To learn more about email phishing protection and awareness, it is important to know the various tricks that hackers use on their victims, as you will see below.

Types of Email Phishing

As the days go by, hackers are becoming more creative and use numerous phishing techniques to commit fraud. Here are some of the techniques they may use:

Deceptive Phishing

These are attacks where fraudsters attempt to steal people’s login details or personal information by impersonating legitimate firms. The emails push users into doing what the attackers want by creating a sense of urgency or using threats. For instance, PayPal scammers might send an email warning that there are some account discrepancies and that the person needs to follow a link to rectify the problem. In reality, the link leads to a fake login page which collects the person’s information and sends it to the hackers.

Spear Phishing

While other traditional methods use mass emails to target as many people as possible, spear phishing uses a more targeted approach where the hackers mark specific organizations or individuals to attack. They usually do in-depth research to make the attack more personal and increase the chances of success. For example, the fraudsters can customize the attack emails with the person’s full name, the company they work for, position, work phone number and other details that will trick the recipient into thinking they have a relationship with the person who sent the email.

Whaling Attacks

This is when attackers target top executives of organizations. They use the spear phishing approach to try to steal the executive’s login details. If they are successful, the hackers can go ahead and conduct what is known as a CEO attack. Here, they impersonate the CEO and abuse his or her email account to authorize illegal wire transfers to a financial institution they choose. There is a high success rate using this method because executives seldom participate in security awareness training with the people who work under them.


As many people are becoming aware of common phishing scams, some fraudsters are going high-tech and poisoning DNS (the Domain Name System) as the basis of their attacks. Note that internet naming relies on DNS servers to convert website names into numerical IP addresses, which are used to locate computers and services. In a DNS cache poisoning attack, the hacker attacks a DNS server to change the IP address associated with the website’s alphabetical name. This means users can land on malicious websites even when they enter the correct site name.

Phishing Through Search Engines

Some scams involve the use of search engines to direct users to sites that offer low-cost services and products. When a person tries to buy an item by entering their credit card details, the fraudsters quickly collect all the sensitive information. It is worth noting that numerous fake bank websites offer loans or credit cards at low rates, but they are phishing sites.

Pointers to Identify and Prevent Phishing Attacks

As part of educating yourself about email phishing protection and awareness, it helps to know how to recognize phishing attacks. Here are a few signs that feature in malicious emails, along with steps you can take:

  • Generic greetings – most such emails will have salutations like “hello, bank X customer” instead of using real names, which is an indication that the attacks were launched in bulk.
  • Emails requesting personal details – most upstanding firms will never email clients seeking confidential information. If you have any suspicions, call the company in question to ask whether they need the details requested.
  • Mail that asks for an urgent response – most fraudulent emails create a sense of urgency which makes recipients believe they need to act fast to “save” their accounts.
  • Emails that come with spoofed links – never be tempted to open links just because they claim to lead to certain websites. Hover over the link to verify that it is genuine.
  • Review bank and credit card statements to ensure all transactions are legitimate.
  • Get reliable antivirus and spam protection that can filter spam email so that you do not receive them.
  • Conduct training sessions in companies so that everyone, from the executives down, knows how to protect themselves.
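
The greeting, urgency and spoofed-link signs from the list above can also be checked programmatically. The following is an added example, not part of the original article; the phrase lists, the sample message and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrase lists and SAMPLE are constructed for this example; tune to your mail.
GREETING = re.compile(r"\b(dear|hello|hi)[,\s]+(\w+\s+){0,3}(customer|user|client)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended)\b", re.I)
DOMAIN = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
SAMPLE = """From: Bank X <alerts@bankx-secure.example>
Content-Type: text/html

<p>Hello, bank X customer. Your account will be suspended within 24 hours.</p>
<p><a href="http://login.bankx-secure.example/verify">www.bankx.example</a></p>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def spoofed_links(html):
    """Links whose visible text names one domain while href goes to another."""
    parser = LinkCollector()
    parser.feed(html)
    hits = []
    for href, text in parser.links:
        shown, target = DOMAIN.search(text), (urlparse(href).hostname or "").lower()
        if shown and target:
            name = re.sub(r"^www\.", "", shown.group(1).lower())
            if target != name and not target.endswith("." + name):
                hits.append((text, target))
    return hits

def phishing_indicators(raw_email):
    parts = message_from_string(raw_email).walk()
    body = "\n".join(p.get_payload(decode=True).decode("utf-8", "replace")
                     for p in parts if not p.is_multipart())
    return {"generic_greeting": bool(GREETING.search(body)),
            "urgency": bool(URGENCY.search(body)), "spoofed_link": spoofed_links(body)}
```

A link is only flagged when its visible text itself names a domain, so plain "click here" links pass this check and still need the hover test described above.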