How to Recognize and Avoid Phishing Email Scams

Here is how to spot the telltale signs of phishing scams and phishing emails. Every day millions of phishing emails are sent and received all over the world; in the cybersecurity landscape, humans remain the weakest link. 

According to Accenture's 2019 Cyber Security report, cybercrime costs impacted US companies about $13m annually on average, and this number is increasing year over year.

To help educate email users just like you, we'll break down some of the most common ways that phishing scams and emails are structured.

The Devil You Know

One of the most common phishing scams is where an email user is presented with an email that appears to be from a friend or colleague. A telltale sign that something might be awry is a note that seems out of place or out of character for the sender, for instance an email sent from a personal email address when only business correspondence had been shared previously. Another easy spot is an email address that is strange or seems to be a jumble of characters and numbers not readily associated with the sender. Often, phishing scams that are personally targeted have an odd cadence, or request funds or other information in a way that is out of character for your friend or colleague.

What the Boss Wants

CEO or C-Suite impersonation is becoming a fan favorite for phishing scammers. Many of the phishing emails that we see are structured to make the recipient believe that they are communicating with a member of senior management. Many of these phishing attacks request that a subordinate assist in securing gift cards, iTunes cards or an equivalent. Scenarios are often painted where the CEO is unable to chat on the phone and is in a meeting where they have access to a personal device but not their regular email. The phishing scam often involves a back and forth to build trust with the intended victim.

Another variant of the CEO impersonation is a request for funding for imaginary projects, vendor payments, etc. This type of phishing scam typically targets lower-level employees in the financial or accounting departments and pressures them to transfer funds in a rapid and usually confidential manner.
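The signs described in "The Devil You Know" and "What the Boss Wants" can be written down as simple checks on a message. The following Python is an added example, not code from the original post or from INKY; the sender directory, the digit threshold, the phrase list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed directory of display names and their real addresses (constructed).
KNOWN_SENDERS = {"dana reyes": "dana.reyes@example.com"}
# Requests the article describes: gift cards, rushed or secret payments.
LURES = re.compile(r"gift card|itunes|vendor payment|transfer funds|confidential", re.I)

def phishing_signals(raw):
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    local_part = addr.split("@")[0]
    signals = []
    # A familiar name arriving from an address that is not the usual one.
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        signals.append("name_address_mismatch")
    # An address that looks like a jumble of characters and numbers
    # (assumed threshold: four or more digits before the @).
    if sum(ch.isdigit() for ch in local_part) >= 4:
        signals.append("jumbled_address")
    # Out-of-character requests in the subject or plain-text body.
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain")
    if LURES.search(msg.get("Subject", "") + " " + body):
        signals.append("lure_language")
    return signals

# Constructed sample messages, not real mail.
SPOOFED = (
    "From: Dana Reyes <dreyes88213@freemail.example>\n"
    "To: sam@example.com\n"
    "Subject: Quick favor\n"
    "\n"
    "I am in a meeting. Please buy five gift cards and keep this confidential.\n"
)
GENUINE = (
    "From: Dana Reyes <dana.reyes@example.com>\n"
    "To: sam@example.com\n"
    "Subject: Thursday agenda\n"
    "\n"
    "The agenda for Thursday is attached.\n"
)

if __name__ == "__main__":
    print(phishing_signals(SPOOFED))
    print(phishing_signals(GENUINE))
```

Each signal on its own is weak evidence; the spoofed sample stands out because all three appear together.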

I read the news today, Oh boy.

Social media has transformed the way businesses communicate; it has also provided a window into corporations that is ripe for the cyber-criminal. Today, with the use of networking sites like LinkedIn, it is incredibly easy to build a profile of a company through its employees. Titles, roles, even reporting structures are freely available. Hackers know where their marks went to school, where they worked before, whom they know, whom they knew. Many spear phishing scams involve targeting specific individuals within a corporation by exploiting their corporate hierarchy. In our top 5 phishing scams blog, we counted almost $250m worth of misappropriated funds which came from a combination of social engineering and CEO impersonation. Press releases, new product launches, and financial results all provide ample opportunity for the birth of a new phishing scam.

Benefits or Bust

When you sign up for a 401k or health benefits, you end up parting company with your name, social security number, home address, and many other personal tidbits. The surrender of one's information is part and parcel of the process, and so when we receive an email asking us to update our personal information or renew our benefits, we often click through without thinking. However, phishing scams posing as your benefits provider are becoming more common. Phishing scammers are becoming highly adept at creating convincing clones of legitimate corporate emails; once one's identity is compromised, recovering it can be extremely difficult.

Pass the Word On

How do you get someone's password? You ask for it. Office 365 phishing scams and other password reset emails are becoming extremely common. This type of phishing attack is straightforward to execute, and many phishing redirect sites come replete with real (though misused) SSL certs and faked graphics and iconography. Amazingly, we often see faked O365 emails that are so convincing they are passed as safe through other email filtering programs.

INKY's Phish Fence takes all of the flavors of phish and renders them harmless. With Phish Fence installed, users don't have to worry about being successfully phished. Instead, all emails are evaluated in milliseconds, and dangerous emails are either filtered off to quarantine or given a red banner. The banner system serves as a form of in-line training for impacted associates, informing the email user. Further, should a yellow banner email be received, users can also self-report if a phishing email is suspected.

Take the INKY Phitness test today and see how your organization can benefit from a phish-free lifestyle.
