What are phishing emails? These are questions that haunt every computer user. Phishing emails are a severe threat to all email users. These emails carry viruses, spyware, Trojans, or other malicious programs to access and spread sensitive personal and business information.
Phishing emails lie to victims and trick them into revealing information that should be kept private. Phishing email victims often respond to requests without hesitation because they trust the source and believe the sending party acts with the best intentions.
Cybercriminals will often use phishing emails to ask you for personal information, such as passwords, date of birth, credit card or social security numbers, home or work address, etc.
Cybercriminals then use this information to impersonate victims, open bank accounts, and apply for credit cards, loans, or other fraudulent activity.
Cybercriminals may also use the information from a phishing message to launch a more targeted attack. This could include a spearphishing attack or a business email compromise incident using the victim’s personal details.
What are some real-world Phishing email attack examples?
1) Corporate Technical Support email:
Corporate IT sends an email to employees asking them to install instant messaging software. The email looks authentic and trustworthy. In reality, however, this is a phishing email where the attacker is using a spoofed email address that looks very identical to the actual corporate email address. For example, the hacker is using the email address ITsupport@mycompany.com instead of ITTechsupport@mycompany.com. Most people during their busy workday will rarely notice this slight difference and install the software.
Ransomware is automatically installed on the company network when employees install the software.
These phishing attacks illustrate how easy it can be to fall for an email. It is easier to foster cyber security awareness if people are more familiar with phishing.
2) Malicious Social Media Request:
You receive a Facebook friend request from someone with the same Facebook friends. Although you don’t recognize the person immediately, you assume that the request is genuine because of your common friends. The new friend sends you a Facebook message containing a link to a YouTube video that, when clicked, installs malware on your computer as well as potentially the corporate network.
3) Threat of Account Termination or Deactivation:
A victim receives an email that appears to be coming from a legitimate company like their bank or a popular cash transfer application advising them that their account has been compromised. They will need to confirm their credit card details, or their account will be deleted. The victim clicks on the link to go to a fake website. Once confirmed, the stolen credit card information can be used for further crimes.
4) Urgent Fund Transfer Request:
You receive an urgent email from your manager while they are on vacation. The email states that your manager is stranded somewhere and has misplaced their wallet, and needs your help to send some funds to a foreign bank account. You know your manager is on vacation and fall for this story. You do not hesitate to transfer the funds because you believe you are helping out your manager. When you realize what is happening, it is too late, and you have been conned out of your money. Since the money you sent is to a foreign account, opening a fraud case with said bank is nearly impossible.
5) The Famous Nigerian Price Scam:
In this scam, a supposed benefactor could be a Nigerian royalty, official, or business executive, has his fortune worth millions held hostage by war, corruption, or unrest. To transfer the money to safekeeping, this desperate person needs your bank account number or small advance payment (to cover taxes and bank fees or well-placed Bribes), or both.
For your trouble, this “Nigerian Prince” will share some of his millions with you.
Victims who fall for this scam end up getting their bank accounts drained or paying a lot of fees over time in the greed of eventually receiving millions.
How can you recognize a Phishing email?
You need to keep an eye out for some simple signs to help you identify malicious emails and preserve your email security.
1) URL link in an email should match the URL of the legitimate company:
A link that says it will take you to one location does not necessarily mean it will. Always double-check URLs. If the URL link in the text is not identical to the URL displayed when the cursor hovers above the link, it’s a sure sign that you will be redirected to a site you shouldn’t be visiting. Never trust a hyperlink’s URL if it doesn’t look right or isn’t in the context of the email.
2) Legitimate companies never request your personal information via email:
If you receive an email from an institution asking you for personal information via email, you can be confident it is a scam. Legitimate businesses won’t send you emails asking for passwords, credit card numbers, tax numbers, or credit scores. They will also never send you a link that you will need to log in. It is best to call the company and let them know about the email to verify its authenticity when in doubt.
3) Check whether the sender’s email address matches the Company domain:
In addition to looking at the sender’s name, check their email address by hovering over the “from” address and ensure that no alterations have been made. For example, you may receive an email that appears to have been sent by your bank, but on close inspection, you notice that the sender’s email address is firstname.lastname@example.org instead of @chase.com. Most people in a hurry overlook these differences.
Keep in mind, however, that this isn’t a foolproof method. Some companies send emails from unique domains, while others use third-party email providers. When in doubt, always call the company to verify the authenticity of the email.
4) Look for spelling errors in the email:
Bad grammar is the best way to identify a fraudulent email. Genuine corporate emails are always well written. Many Hackers believe that their prey is uninformed and less aware, so they will most likely not observe the syntax or grammar mistakes.
5) Legitimate companies will never randomly send downloadable attachments via email:
Hackers are known to send unsolicited email attachments. Most often, legitimate businesses won’t send you unsolicited emails with attachments. Instead, they direct you to their website, where you can download files or documents.
This method, however, also isn’t foolproof. Sometimes, companies will email you information such as a bill or letter, which may need to be downloaded but be extra careful around high-risk attachment file formats such as.exe and .scr. If in doubt, always contact the company using contact information from their website and verify the email’s authenticity.
How to protect yourself from Phishing Emails?
These 4 points will help you protect yourself from phishing emails.
- Educate Use security awareness training to teach individuals how to identify and better protect themselves from phishing emails.
- Monitor Make use of monitoring tools for employee monitoring and identification of cyber-attack targets.
- Communicate Provide ongoing communications and campaigns regarding phishing emails, social engineering, and cyber security.
- Incorporate Make cyber security awareness, training, support, and education a part of your corporate culture.
It doesn’t matter if your security system is the best in the world. One untrained employee can fall for a phishing attack and expose the sensitive data you have worked hard to protect. You must be familiar with phishing email examples and the warning signs that a phishing attack is taking place to protect yourself and your peers better.
Interested in kickstarting your career in Cybersecurity no matter your educational background or experience? Click Here to find out.