What is a phishing attack and how can I spot one?
In sport fishing, an incentive (bait) is used to confuse or trick a fish into catching itself on your hook. In the email security world, there is an equivalent process, cleverly named “phishing.” Hackers use legitimate looking emails or websites, to garner the trust of targeted users, convincing them to click on a link or to download infected files. The end goal is to gain valuable information about the user or the data that is stored on their device or network.
Who’s on the hook?
In the case of an individual, perhaps the phisher is simply looking to gather your credit card information. This could lead to fraudulent purchases, or even attempts at identity theft. Inconvenient? Yes. Crippling? No. Most of the time you can have charges reversed and simply have a new card issued.
In a business however, where collection of customer data has become commonplace, there are complications that may not exist on the individual level. Containment becomes more difficult and scope can be harder to determine.
- Customer/client base rather than an individual (number of users)
- Disruption is to a network rather than a single device
- Liability and legal implications
The result of a breach can therefore be staggering, and ultimately devastating.
Why do phishing schemes exist?
There are many different kinds of phishing attacks. Some are seeking money, some fame, and some just disruption. Often the catalyst is an email asking for information or for payment where the key is to trick the recipient into clicking a link or otherwise providing the valued information (credit card information, bank account, social security). In the case of clicking a link or downloading a file, the purpose is to infect your computer.
One example is ransomware. The downloaded file will encrypt and/or prevent access to data. The phisher will then require a payment to unlock the information. Payment does not always remove the infection on the device though. This can often lead to future interruptions and additional requests for payment. It is best to consult with a professional if you have been infected/attacked. Do not just assume that payment is your best, or only, option.
In other cases, the infiltrator will use the phishing attack to gain unauthorized remote access to the computer network (a “backdoor”). This is manipulated to have admin level permissions while going virtually unnoticed. Vulnerabilities can sit dormant on a network, allowing the attacker the ability to strike at will. If undetected, a continued stream of information can be accessed and stolen. In cases were client/customer data is involved, associated compliance fees (HIPAA/PCI) and potential legal payout from an attack can be overwhelming. It is estimated that 60% of small businesses that have experienced a cyber-attack go “belly up” within six months of the incident. i Beyond that, studies show that nearly 28% of those breached will experience a second breach within two years. ii Being able to spot and protect your company from a phishing scheme may determine whether you sink or swim.
Real or Reel?
As far as your email security goes, if you see something, say something. If an email looks suspicious, clinking the link or opening the file is NOT the way to investigate.
Using the email below, you will see that there are a number of clues to alert us to the fact that there is something ‘phishy’ here. Though some emails may be far more sophisticated, we can learn a lot from this example.
- This email is from Dropbox and yet their logo is absent. Either it is time to fire their marketing team or this is not really from them.
- Why would Dropbox send me an email with the subject “Xerox: Scanned from scanner?”
Always check to see whether the subject line and the content match.
- There are several issues with the senders email address.
- The trademark would not be a part of the address
- “onmicrosoftaware”- what is this? Why isn’t Dropbox sending from their own domain?
Beware of suspicious domains.
- Admin only has (1) n.
- Why was an invoice sent to “Undisclosed Recipients?”
Always look at who else is receiving a suspicious email.
- Dropbox typically sends a link- not an attachment
- Look for poor use of the English language. Although mistakes can happen, this is often a sign of a falsified email.
- If you hover over “Download Attachment”- it is a link, not a file. Beyond that, the url is not to the Dropbox domain, but rather to a masking address using the url shortening service “tinyurl” for redirecting.
Hovering over links can bring the “phish” to the surface.
- “Learn More” should be a link. Again- poss
- ibly a mistake, but when coupled with everything else, it is notable.
When in doubt, it is best to phone a friend (like Infoaxis) and investigate prior to trusting/opening/downloading links or attachments. As a rule of thumb:
- ASK: If you know the sender, and the email seems out of character, ask first. This simple task can be a real game changer.
- ALERT: Once deemed fraudulent, tell the person who “sent” you the email. Give them an opportunity to stop their contacts from falling for the scheme. Also, alert your IT team or provider as they may have additional steps that they wish to take.
School the shoal
- good password hygiene
- the handling of customer information
Share information and stay on top of trends.
Don’t get caught!
In the ever-changing world of hacking and phishing schemes, it is difficult to stay ahead of the game. Enlisting the assistance of a Managed Services Provider (MSP) can be a cost effective way to help prevent your business from becoming a victim. Although prevention is never a guarantee, implementation and management of antivirus and anti-spyware standards as well as active directory and event log monitoring/alerting can make a huge difference.
Call today to see what Infoaxis can do for you. 201-236-3000 or contact us for more information.
Written by Matthew Knowland