Phishing: One in Every Hundred Emails is a Hacking Attempt

Email continues to be the most popular method for cyber-attacks. According to a study conducted by FireEye, one in 101 emails contains a malicious hacking attempt such as “phishing”. Phishing is a form of fraudulent solicitation in which an email is cleverly disguised to appear to be from trusted brands such as banks, credit card companies, online retailers or even one of your friends. The emails entice recipients into taking an action such as clicking a malicious link, opening an infected attachment or responding to a scam. Often the emails contain links to “spoofed” web pages which may look exactly like those of a legitimate business. Researchers at the cyber-security company examined more than half a billion emails from January to June and identified malicious emails with intent to compromise users or networks. What is shocking about this study is that only 10% of the malicious emails identified contained malware (use of an infected attachment to gain access to a computer). The remaining 90% of malicious emails are considered “malware-less attacks” and use phishing, CEO fraud, W2 scams, and a variety of other impersonation tactics to solicit information and access from the email recipient.

Email security solutions are largely focused on detecting malware, so cyber criminals and hackers are becoming more sophisticated and adapting their attacks. These types of malware-less attacks leave individuals and organizations exposed and vulnerable. When it comes to protecting yourself online, knowledge is power. It is vital to stay abreast of the latest trends in cyber-attacks and understand what a malware-less attack looks like.

Typical malware-less attacks use impersonation techniques and spoof the sender address in an email so that it appears to come from a reputable source, then request sensitive information. Additionally, there may be embedded links in an email that redirect the recipient to an unsecured or fraudulent website that requests or grants access to sensitive information.

Below are some helpful tips to spot malicious emails:

  • Educate yourself about current cyber-attacks and keep up to date on them.

  • Enable two-factor authentication whenever possible. This will prevent the recipient from logging on to fraudulent websites and from providing their username and password to hackers.

  • Check email addresses. If the email looks legitimate but is from a personal gmail.com or yahoo.com address, it is most likely a phishing attempt.

  • Be wary of emails addressed to “Customer”. A trusted organization should address you by name and not use generic salutations.

  • Pay close attention when checking emails on mobile devices. Mobile devices often display the sender’s name and not the email address, making it easier to trick the recipient.

  • Look for spelling and grammar mistakes.

  • Beware of any emails that require “immediate action”. This is a common technique used to intimidate consumers into making a mistake.

  • Think before you click unsolicited or unknown links. Hover your mouse over links to show their true destination.

  • If something appears suspicious, it probably is! Be wary of scams!
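Several of the tips above can be checked mechanically. The following Python is an added example, not part of the original newsletter: it flags a personal gmail.com or yahoo.com sender, a “Customer” salutation, an “immediate action” demand, and a link whose displayed hostname differs from its real destination. The function name, finding labels and sample message are constructed for illustration, and a single-part HTML message is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREE_MAIL = {"gmail.com", "yahoo.com"}  # personal-mail domains named in the tips
PHRASES = {"generic-salutation": r"\bdear\s+customer\b", "urgency": r"immediate\s+action"}
HOST = re.compile(r"(?:[\w-]+\.)+[a-z]{2,}", re.I)  # a hostname shown as link text

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data if self.href is not None else ""
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def bare(host):  # compare hostnames without case or a leading "www."
    return host.lower().removeprefix("www.")

def check_email(raw):  # raw: one single-part text/html message (assumption)
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))  # display name vs. real address
    body = msg.get_payload()
    text = msg.get("Subject", "") + "\n" + body
    findings = []
    if addr.rpartition("@")[2].lower() in FREE_MAIL:
        findings.append(("personal-sender", f"{name!r} is really {addr}"))
    findings += [(tip, m.group()) for tip, rx in PHRASES.items()
                 if (m := re.search(rx, text, re.I))]
    parser = Links()
    parser.feed(body)
    for href, shown in parser.found:  # what "hovering" over the link would reveal
        real, claimed = urlparse(href).hostname or "", HOST.search(shown)
        if real and claimed and bare(claimed.group()) != bare(real):
            findings.append(("link-mismatch", f"shows {shown}, goes to {real}"))
    return findings

SAMPLE = """From: "Example Bank Support" <examplebank.support@gmail.com>
Subject: Immediate action required
Content-Type: text/html

<p>Dear Customer, sign in at <a href="http://login.example-verify.test/s">www.examplebank.com</a></p>
"""  # constructed message, not real mail
```

Calling `check_email(SAMPLE)` returns one finding per tip the message trips; a message that trips none returns an empty list.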

If you think you have been the victim of a malware-less attack, change your passwords immediately and contact UMIT at 305-243-5999.