Phishing emails are one of the most prevalent and threatening types of cyber attacks, so we thought it was appropriate to talk about them this month. Strap in because phishing attacks can hide in plain sight and might not be what you thought they were.
What is a Phishing Attack?
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.
An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identity theft.
For example, imagine a website that looks exactly like the Netflix website asking you to log in. However, when you input your account information, you’re actually handing it over to hackers. These criminals then try to use this information to log into other sites, like your bank account. The other common consequence when users click on a link or attachment in a phishing email is malware infiltration. Just the act of clicking on the email can introduce things like ransomware that will infect and encrypt your entire network.
So, How Can You Prevent Phishing Attacks?
Well, the truth is, you can’t entirely prevent them. You can set up filters that will block a few of them from making their way into your coworkers’ and employees’ inboxes, but it’s not going to stop all of them. Hackers have become extremely good at creating these types of attacks to get around common prevention methods. So, for users, vigilance is key. A spoofed message often contains subtle mistakes that expose its true identity. These can include spelling mistakes or changes to domain names. Users should also stop and think about why they’re even receiving such an email.
For enterprises, a number of steps can be taken to mitigate both phishing and spear phishing attacks:
- Two-factor authentication (2FA) is the most effective method for countering phishing attacks, as it adds an extra verification layer when logging in to sensitive applications. 2FA relies on users having two things: something they know, such as a password and user name, and something they have, such as their smartphones. Even when employees are compromised, 2FA prevents the use of their compromised credentials, since these alone are insufficient to gain entry.
- In addition to using 2FA, organizations should enforce strict password management policies. For example, employees should be required to frequently change their passwords and not be allowed to reuse a password for multiple applications.
- Educational campaigns can also help diminish the threat of phishing attacks by enforcing secure practices, such as not clicking on external email links.
Spotting Phishing Attempts
Phishing attempts are not nearly as obvious as they once were. In years past, the key signs that an email was a phishing attack were bad grammar, poor design, and weird language choices. However, cybercriminals have become increasingly sophisticated, and now phishing emails are often identical to their real counterparts, with only small, inconspicuous differences. So, here’s what to look for in 2022.
On any email client: Examining hypertext links is one of the best ways to recognize a phishing attack.
When checking for hyperlinks: The destination URL will show in a hover pop-up window near the hyperlink. Ensure that the destination URL matches the link shown in the email. Additionally, be cautious about clicking on links that have strange characters in them or are abbreviated.
On mobile devices: You can observe the destination URL by briefly hovering your mouse over the hyperlink. As a result, the URL will materialize in a small pop-up window.
On web pages: The destination URL will be revealed in the bottom-left corner of the browser window when hovering over the anchor text.
Phishing is definitely not a treat. Hackers use phishing emails to get your information and spread dangerous malware. It’s a problem that’s been around, and it’s not going away any time soon. California Computer Option’s email security solution will help you prevent the most sophisticated phishing and social engineering attacks before they reach users.
Contact us for more information and schedule an assessment to see how CCO can help minimize your organization’s phishing risk.