In response to one of our suppliers being hacked and their systems sending out further attacks to compromise more businesses including ourselves, we have drafted some information regarding Email Attacks and how to spot them.
What is Phishing?
In today’s increasingly digital world, so much of what we do, whether it’s for business or pleasure, is carried out online. This increase in online activity has resulted in a massive explosion in cybercrime.
Cybercrime has become a powerful tool for criminals looking to steal our personal data and extort money. The speed, anonymity and convenience of the internet have enabled criminals to launch highly targeted attacks with very little effort.
According to a recent report from cybersecurity firm Norton, cybercriminals stole a total of £130bn from consumers in 2017, including £4.6bn from British internet users.
The most successful and dangerous of all cyber-attacks is phishing. Research has found that 91% of all cyber-attacks start with a phishing email.
Phishing continues to be the most common form of cyber-attack due to its simplicity, effectiveness and high return on investment. It has evolved from its early days of tricking people with scams about Nigerian princes and requests for emergency medical treatment. The phishing attacks taking place today are sophisticated, targeted and increasingly difficult to spot.
How to Detect Phishing Emails
Even within phishing emails that look at first glance just like the real emails sent out by legitimate banks, application sites, and other sources, there are often clues that make it easy to identify the emails as phishes:
The email asks for personal information, such as birthday information, a phone number or a mother's maiden name. Real messages should never ask for this kind of data.
The email contains misspelt words or bad grammar.
The email tells you that you’ve won the lottery or some other contest, usually one you didn’t enter.
The email asks you to make a donation for some heart-wrenching cause, to an organization with a name close to a real one, but slightly different.
The email has a threatening tone or declaration of emergency. Phishes may say that an account has been hacked, that benefits are about to lapse, that you’ve been recorded through your webcam, or that there’s another threat already on your system. They often urge immediate action, in order to give the recipient less time to think.
The email has attachments. (These may appear to be relatively innocuous, like PDFs or Word files, but they may, in fact, be applications that will plant malware.)
The actual URL is different from the one shown. (A link may be underlined text or an image. Hovering over the link shows the actual URL that clicking on the link will take you to. If this doesn’t match the apparent sender of the message, it’s a prime indicator that the message is fake.)