Email scams are popular. Phishing attacks, as these scams called, will try to manipulate you in disclosing your data. Including your login credentials, your credit card number, etc.

The problem with these attacks? It is tricky to recognize them by using only technical means. Thus, it is very important to educate your users to recognize them -or at least to be aware- of the danger.

Spear Phishing

To make it even harder, a spear-phishing attack is directed specifically to you.

The attacker collects information about you from public websites, the social media, etc., to craft a personalized message that is hard to detect.

Phishing By the Numbers

90%

Of data breaches are because of phishing.

76%

Of businesses reported being a victim of a phishing attack in the last year.

30%

Of phishing messages get opened by targeted users.

The signs of a phishing email

In a phishing attack, one or more of the indicators described below are present to the message.

The sender’s email address looks sketchy

This is a lifesaver!!! Beware of the sender’s email address; often, it is obvious that is sketchy. For example, an email that claims to be from Microsoft.com cannot have the email address of [email protected].

Grammar errors and misspellings

Sometimes, in such emails there are misspellings, generic greetings and the message might seem a bit off. In such cases, you better delete the message, or contact your IT department.

A sense of urgency

Beware of email messages that need immediate action. Emails like, ‘your account has been blocked’, ‘change your password now’, ‘please deposit XXX money by the end of the day’, are common in such scams.

Blackmail

Messages such as ‘we hacked your account’, ‘we hacked your web camera’, and so on., are common in phishing attacks.

Don’t panic. Do a google search of a phrase you copied from within the message, to find whether it is a known scam; or ask your IT department.

Links

Some phishing emails ask to click on a link. For example, “to reset your password”. Such links steal your credentials or download malware.

Be extra cautious with links, within email messages, and never click on links from senders you don’t know.

Bizarre email messages with attachments

In some phishing emails, the attacker will try to persuade you to open an attached file (for example an attached invoice, an attached fax file, etc.). Such attachments steal your credentials or download malware.

Use common sense and don’t open attachments from email messages you don’t know about, or might seem a bit off.

Ask for a money transaction

Many phishing emails ask for a money transaction. In spear-phishing attacks, you might see an email from your boss calling for an immediate money deposit.

Please, always double-check by phone, to a previously known phone number, that the message is legitimate.

A couple of real-world examples

Spear Phishing Email

Even though the message looks legitimate, at first, there are a few sketchy signs: While the sender’s name is legit, the email address is irrelevant. There is a sense of urgency, and most importantly the use of language is a bit off for that particular sender (me).

Phishing Email

.

This phishing email is quite common and pretty obvious. There is a sense of urgency, the email address is completely irrelevant, there is a (malicious) link within the message.