Phishing is smart, It’s only getting smarter…
Phishing is rife, and they’re only getting cleverer
Hackers are pestering away via several routes to get access to your personal details. Email is by far one of the simplest means of admission for cyber criminals into a computer network.
You can of course spam filter your emails, but only to a minor degree – otherwise you’d never receive any ever again!
Phishing is the act of deceiving an email recipient into involuntarily sharing their data. The tactics by which these sorts of ‘cyber attacks’ are conducted are getting niftier all the time.
In turn, users need to get sharper – Scoping out deceitful emails on a day to day basis.
How do they do it?
Falsifying email addresses as though they were sent from someone else’s mailbox is regrettably quite easy to do.
The email itself, (in most cases), isn’t dangerous. You can just delete it from your inbox.
The mutilation comes from clicking any link embedded within or opening the attachment from the email. From this link or attached file, a virus, malware or malicious software will download and mount itself to your PC – quite often without the user being alert that anything has happened.
See an example underneath, (with the victim sender’s details omitted), to which we refer to through this blog article.
What does it look like in my inbox?
The emails are very cunningly hidden. They will look as any normal email would, with a real email address and could conceivably contain an email signature & disclaimer from a real business. The contact may well be recognised to you and the sort of content contained within the email, may be something that you would generally expect to see from that person. Misleading you as the recipient into a false sense of security.
The email itself, however, is most likely to contain a distrustful link or an unconnected attachment, which is the lure to draw you into their grasp, by which they can enter your PC & snip your credentials. This hopefully would differ from the sort of communication you would typically expect to receive (if at all) from this email address – helping it stand out as an email to be wary of.
What should I look out for?
When you obtain any new emails there are a few key things to check straight away, even if you know & trust the sender.
- The sender’s name & email address. Is it someone you know? Could you call them and check they meant to refer you this email?
- Does the email hold an attachment?
If it is a PDF document, there’s a sturdy chance that you’re safe.
If it is a Word or Excel document, it may well hold a virus hidden in a script that will run automatically once you open the file.
One thing to keep in mind is that you can’t tell from looking at the file whether it is honest or malicious before you open it. If you do open it and it’s malicious, it’s generally too late.
- Does the email contain any links?
Links are easy to check. Hover over the link and your computer will show the website destination where it will take you.
If the link appears to be the real website, or where you would expect to land, like in the example below, then it may well be genuine, but that is no assurance!
With this instance, the link takes you to a file hosted in a Microsoft OneDrive account. The email makes it look like this user did want to send you this file, which is stored in a trustworthy place. If the link appears to be of an untrusted source, it would naturally appear to be more doubtful, but on face-value this example link appears to be legitimate.
Clicking the link to visit the website, which appears to be a real Microsoft OneDrive file share, you can see a summary of the document, which is apparently a PDF.
Upon further examination, hovering over the preview shows the Microsoft notification box with the “Open” button is completely fake – it’s just an image, not a real notification box at all. Hovering anywhere over the open screen shows the entire image to be hyperlinked to a shortened URL, (via tinyurl), cleverly and simply masking a malevolent website.
Had the “Open” button been honest and the document was able to be viewed within the browser it would have likely been entirely legitimate.
However, on this example, clicking this link does take you through to a virus riddled website, leading to the recipient’s email accounts susceptible to being hacked.
Always triple check. Even if you believe to recognise the person that sent you the email.
Shadow our straight-forward 3-step check list – sender’s name & email address, attachments and links. Checking these three key things before taking any action with the email will help you remain protected.
Who are Initial IT?
Initial IT has been providing technology services and support to small-and medium-sized businesses in Staffordshire & beyond for more than 15 years.
Our mission is to drive value with innovative, customer-oriented solutions that give them the edge to compete with their much larger counterparts.