Blog / Phishing Attacks on the Rise! – Staying Alert During COVID-19 and Beyond.
Phishing is when someone makes a false claim in order to lure a person into doing something they shouldn’t. Sometimes the purpose of a Phishing Attack is to obtain login credentials (username and password); other times the intent is to steal money, get remote access software installed on your computers, or trick you into some other action that benefits the attacker.
Phishing scams come in any medium: mail, telephone, e-mail, etc. You name it, someone has probably tried to use it to defraud people.
Phishing got its name from its resemblance to actual fishing: you cast as wide a net as possible in order to catch the most fish. Phishers use the same tactic; reach as many people as possible, and the return is bigger.
Each Phishing campaign is different, so the specific advice changes from one to the next. For this newsletter, I’ll give some general advice to help you spot a Phishing email:
1) Learn how email works.
Start by learning how it works at a conceptual level, then at a technical level. This may sound difficult, but it isn’t; email is a very simple system. Now don’t get me wrong; I’m not saying you need to become an expert. You just need the basics, which I would consider to be:
a) The different parts of an email (how it’s put together)
b) The process for how email gets sent
This isn’t as difficult as it sounds. Email was modelled on the post office and how regular mail gets delivered: there is an envelope, an address block (the headers), the letter itself (the body), and a chain of mail servers that hand the message along like sorting offices, each one stamping it on the way through. Even though it’s electronic, some of the names match up, and that’s intentional. So learning how email works isn’t as hard as it might appear.
2) A threat (direct or implied), or anything else that forces a sense of urgency or plays on compassion.
People who run Phishing scams don’t want to give you a chance to stop and think. They will use all sorts of tactics to push you into a panic. This includes threatening language or a stern tone, titles that make them seem important (calling themselves a Senior something-or-other, some kind of Officer, etc.), and exploiting natural disasters for their own ends, such as fake charities after an earthquake.
Nothing is off limits. Several recent Ransomware attacks have been triggered via Phishing emails, many of them dressed up as Coronavirus information about preventative measures, disease spread, and that sort of thing. Remember that a skilled scammer puts in the effort to make their message look identical to a legitimate one, and will make it appealing by any means necessary, from intimidation and coercion to outright lying.
3) Look for inconsistencies between the email’s address and its content.
An email’s content might say that it came from some organization (like the World Health Organization), but the FROM address might be a Gmail account. This isn’t a guarantee the email is bogus, but when enough things don’t match up, it’s better to be safe than sorry. The reverse also holds: a FROM address that looks right proves nothing on its own, because the sender can type whatever they like into that header. Two other things worth a glance are the Reply-To address (a reply that goes to a different domain than the FROM is a classic sign) and, for the technically inclined, the Authentication-Results header your mail server adds, which records whether the sending domain’s SPF, DKIM and DMARC checks passed.
4) Look for bad/bogus/strange links in the email.
It’s pretty common advice to say NEVER click a link in an email, EVER. That’s good guidance, but if you’re trying to figure out whether an email is dangerous, you should take a good look at the links. The easiest way is simply to hover your mouse over the link. After a moment, most software will show the website it will actually open if you click. If the link goes somewhere different from what the text describes, then not only should you not click it, but that’s another strike against the email being legitimate. If nothing appears on hover, you can right-click the link and copy it; the menu option is usually called something like “Copy Link Location” or “Copy Link Address.” Then paste it into a text document somewhere to see where it’s really trying to send you. Remember that the visible text of a link (which may itself look like a web address) and its real destination are two separate things, and only the destination matters.
As an example, if the email said it was from the WHO, with a link to one of their COVID-19 advice documents, and the link actually pointed to a file on Google Docs, that would be an immediate red flag: don’t download the file, and treat the email as bogus.
5) There is a Microsoft Office document involved.
Maybe the email has an Office document attached, or maybe it’s asking you to download one. Both are bad ideas. Never trust an Office document you aren’t expecting, from any source you aren’t directly familiar with. Even if you are familiar with the sender, exchanging Office documents over email is not a particularly wise choice.
Office documents have a lot of interesting and useful features that can make them very dynamic (macros, VBA scripting, etc.). Unfortunately, those same features can be misused and cause terrible damage. A blanket email policy to block Office documents is a wise decision; make sure it covers the macro-enabled formats (.docm, .xlsm, .pptm) and the legacy binary formats (.doc, .xls, .ppt), which carry macros, and not just the common .docx and .xlsx. While there are ways around such a block, anyone who is trying to get around the restriction should be immediately viewed with suspicion, and that is an easy reaction to teach your employees.
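To show how checks 3, 4 and 5 map onto the actual parts of a message (the headers, the body and the attachments from check 1), here is an added triage script. It is not code from the original newsletter or from TRINUS; the sample message embedded in it is constructed for illustration, and every domain in it (example-webmail.com, another-example.net, example-shared-drive.com) is made up. It parses a raw message with Python’s standard email library, compares the FROM domain against the organization the email claims to be from, flags a Reply-To that goes elsewhere, compares each link’s visible text with its real destination, and flags Office attachments.

```python
"""Triage a raw email for the red flags in checks 3, 4 and 5 of the newsletter.

Added example, not the newsletter's own code. SAMPLE_EMAIL is a constructed
message; all domains in it are fictional.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Macro-capable and common Office formats to flag (check 5).
OFFICE_EXTENSIONS = (".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm",
                     ".ppt", ".pptx", ".pptm")

# Only treat link text as a web address when it actually looks like one,
# so "click here" is not compared against anything.
URL_LIKE = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:[/?#:]\S*)?$",
                      re.IGNORECASE)

# Constructed sample: claims to be the WHO, is sent from a webmail domain,
# replies go to a third domain, the link text hides a different target,
# and a macro-enabled Word file is attached.
SAMPLE_EMAIL = """\
From: "World Health Organization" <who.alerts.covid19@example-webmail.com>
Reply-To: reply@another-example.net
To: you@example.org
Subject: URGENT: COVID-19 preventative measures
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Read the official guidance at
<a href="http://docs.example-shared-drive.com/d/abc123">https://www.who.int/covid-19/advice.pdf</a>
within 24 hours or your access will be suspended.</p></body></html>
--b1
Content-Type: application/vnd.ms-word.document.macroEnabled.12; name="Measures.docm"
Content-Disposition: attachment; filename="Measures.docm"
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAA==
--b1--
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_part(host):
    """Last two labels of a hostname (who.int, example.com); crude but enough here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(text):
    """Hostname of a URL or URL-looking string, or None if it is not one."""
    text = text.strip()
    if not URL_LIKE.match(text):
        return None
    if "://" not in text:
        text = "http://" + text
    return urlparse(text).hostname


def triage(raw, claimed_domain):
    """Return a list of human-readable red flags found in the raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    # Check 3: does the FROM address belong to the organization the mail claims?
    _display, addr = parseaddr(str(msg["From"] or ""))
    from_domain = addr.rpartition("@")[2].lower()
    if registrable_part(from_domain) != registrable_part(claimed_domain):
        flags.append(f"From address {addr!r} is not under claimed domain {claimed_domain}")
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != from_domain:
        flags.append(f"Reply-To {reply_to!r} goes to a different domain than From")
    # Check 4: does each link's visible text match where it really points?
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkExtractor()
        parser.feed(body.get_content())
        for href, text in parser.links:
            shown, actual = host_of(text), host_of(href)
            if shown and actual and registrable_part(shown) != registrable_part(actual):
                flags.append(f"link text shows {shown} but points to {actual}")
    # Check 5: any Office document attached?
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(OFFICE_EXTENSIONS):
            flags.append(f"Office attachment {name!r}")
    return flags


if __name__ == "__main__":
    for flag in triage(SAMPLE_EMAIL, "who.int"):
        print("RED FLAG:", flag)
```

Run it as-is and it reports four red flags for the sample: the webmail FROM domain, the mismatched Reply-To, the link whose text shows www.who.int but points elsewhere, and the .docm attachment. To triage a real message, save it from your mail client as raw source (.eml) and pass its contents to triage() along with the domain of the organization it claims to be from. The domain comparison deliberately uses only the last two labels, which is fine for who.int or example.com but would wrongly lump together sites under a shared suffix such as co.uk; a production tool would use the public suffix list instead.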
A lot of other advice I could give would be technical, and not useful without some basic knowledge of email. Many of the things that give away a phony email become obvious once you understand how email works. Each Phishing campaign is different, so the things to look for keep changing; a grasp of the mechanics of email, however, will help you every single time.
If you have questions about detecting an Email Phishing Attack, please contact your TRINUS Account Manager for some stress-free IT.
By Kind Courtesy of Your Friendly Neighbourhood Cyber-Man.