An email phishing attack is mostly used as the first stage of a costly multistage attack on a company. This is how it works: a phishing actor sends you deceptive messages with attachments concealing malware.
If it is not an attachment, it will be a link redirecting you to bogus pages where your login credentials or other sensitive data are requested and, consequently, stolen from you.
Some general information security awareness training advises people to hover their mouse over links or attachments for a preview of the URL destination but, sadly, that cautionary move is fast going out of style.
The truth is that phishers are unrelenting; they pull off new forms of attack as each day goes by.
This blog post will show you some of their methods. Let’s jump right into it, first by showing you why and how the whole talk concerning email phishing threats affects you.
The Impact of Global Lockdown on Phishing Attacks
Working from home became a norm following a global lockdown due to the coronavirus pandemic. The lockdown affected these key business factors that shook up business leaders:
Big tech manufacturers responded with suites of tools to mitigate the effect of the pandemic on the business factors. However, despite the plethora of security solutions, cases of cyberattacks are on the rise because of Human Risk.
Imagine these scenarios:
- You deployed a newly developed security solution that requires links to be verified before they become clickable.
- Now, Charles, who is a member of your staff, crafted a way to bypass the process.
- In the long run, an attacker sends a corrupted attachment targeting Charles. What happens when Charles bypasses the verification process again, even when the solution you deployed can deal with the corrupted file? (Yeah, you’re right. The worst could happen!)
Human Risk is one of your greatest vulnerabilities to cyberattacks; it has always been like that. Since the pandemic crept in, things have got even worse because cyber attackers have taken to exploiting the vulnerability even more.
Today, unless a remote/hybrid user is well trained to spot threats and quickly report them, they are easy prey. Suffice it to say that research shows that 51% of businesses recorded a spike in the number of phishing attacks since the lockdown.
The State of Phishing In Nigeria
It is safe to assume that 7 of 10 Nigerian businesses must deal with stockpiles of phishing emails that invade their inboxes now and then.
But how will you recognize them? How can you avoid incurring huge losses for yourself and your organization by being able to discern between mails that are legitimate and mails that appear to be legitimate but are not?
Methods That Email Phishers Deploy and How You Can Spot Them:
- Emotional Appeal
- Deceptive Messages
- Compromised Domain Name or Sub-domain
Emotional Appeal
We all have an emotional side. That is why we shed tears when something bad happens or laugh hard when something is funny.
Internet crooks do not see it as humans being humans; they see it as their unfair advantage and lose no time in leveraging it.
This is what they do: they craft an emotional and fictitious story, mostly about loss (of lives, goods, or money), and urge you to donate to salvage the situation.
They have it all figured out that what you would do next is reach for your debit card and fill in every detail, but you can protect yourself by trying every possible means to confirm the veracity of any claim.
By the way, why should you be receiving spam emails in your inbox? If you are receiving them, chances are that you need an evaluation of your cybersecurity strategy and the security solutions you are using.
Deceptive Messages
Mails in which attackers adopt the deception strategy come as a fake sales offer, job offer, etc. Attackers study your online behaviour and launch a fake offer that they feel will appeal to you.
How do you secure yourself?
- When you receive a mail introducing an offer, visit the official website or call the official phone numbers to verify it.
- If possible, verify whether the company is registered with the Corporate Affairs Commission (CAC), and see people’s reviews on online sites like Glassdoor, Nairaland, etc. The verification process may take time but will save you a lot of trouble.
Compromised Domain Name or Sub-domain
Now, let’s assume Milernatiom is one of your favourite fashion brands. You receive coupon mails from them regularly.
One day you receive another mail with the same text, format, colour, and signature, just the way you always get it, from firstname.lastname@example.org. What’s fishy?
Pause. Did you notice that what we have in that email address is not the name of the company? The company is Milernatiom, but what we have in the email address is ‘m’ in the place of ‘rn’ and ‘rn’ in the place of ‘m’.
The whole point of the exercise is to alert you to the need to always double-check email addresses, because hackers have noted that we tend not to pay much attention to them. We skim through them and ask our brain to fill in the gaps.
Consequently, they attack us with mail addresses that are slightly altered (misspelt domains or sub-domains looking like the legitimate ones), almost unnoticeably.
Hence, don’t just skim through emails; check all the characters, and don’t allow any nuances to go unnoticed.
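The character-by-character check described above can be automated at the mail gateway or in a triage script. The following is an added example, not code from the original post: it collapses look-alike sequences such as ‘rn’ and ‘m’ before comparing a sender's domain with an allow-list. The domain `milernatiom.example`, the confusables list and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Character sequences that read alike at a glance; "rn" vs "m" is the page's case.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"))

# Assumed allow-list of real sender domains (constructed for this example).
TRUSTED_DOMAINS = ("milernatiom.example",)


def skeleton(domain):
    """Collapse look-alike sequences so visually similar names compare equal."""
    s = domain.lower().rstrip(".")
    for seq, repl in CONFUSABLES:
        s = s.replace(seq, repl)
    return s


def sender_domain(from_header):
    """Extract the domain part of the address in a From header value."""
    addr = parseaddr(from_header)[1]
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return (verdict, trusted_domain) where verdict is one of
    'trusted', 'lookalike', 'unknown' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return ("trusted", t)
    labels = domain.split(".")
    for t in trusted:
        # A suffix that collapses to the trusted skeleton is a misspelt copy.
        if any(skeleton(".".join(labels[i:])) == skeleton(t) for i in range(len(labels))):
            return ("lookalike", t)
        # The genuine name used as a sub-domain of an unrelated parent domain.
        if "." + t + "." in "." + domain:
            return ("lookalike", t)
    return ("unknown", None)


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Milernatiom <coupons@milernatiom.example>",
    "Milernatiom <coupons@milematiorn.example>",
    "Milernatiom <coupons@milernatiom.example.deals.test>",
]
if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header)[0], header)
```

A ‘lookalike’ verdict is a reason to quarantine or flag the message for review; an ‘unknown’ verdict only means the domain resembles nothing on the allow-list, not that it is safe.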
Dear Reader, the combination of the right training and the right security solution is what fortifies your business against ever-increasing attacks.