Phishing: an introduction
The many benefits of emails cannot be over emphasized. They’re useful for getting professional documents, keeping up to date with information, business, and life in general. They’re unfortunately… also one of the most exploited methods used by attackers to access sensitive information and/or download malware. Over the years it has proven to a successful, easy hack, which is why attackers have increased the use of launching attacks through emails.
Many do not understand the enormous danger that a simple email can represent for an entire organization. That lack of comprehending the danger involved, is what causes them to often click a link within a malicious email that gives attackers access to an entire network. It is important to emphasize that all it takes is one click by a user to give an attacker almost unlimited access to an organization or personal network.
What is phishing?
Phishing is the practice of sending email to users with the purpose of tricking them into revealing personal information or clicking on a link. A phishing attack often sends the user to a malicious web site that appears to the user as a legitimate site.
Most phishing attacks employs on of two methods:
1. Malicious email attachment, which has convincing document names attached to the email. Once downloaded it install a malware on the device used to open it.
2. Malicious link that directs the user to a website that is a clone of a legitimate one.
One common tactic used by attackers is urgency. Giving a timeline to take an action to prevent either being blocked from an account or preventing ‘fraudulent’ actions on your account.
How to identify them
Phishing emails can be identified through checking the domain names for misspelt names, being aware of emails that include:
A sense of urgency
Suspicious attachments/links
Public email domains like gmail or hotmail.
Bad grammar and/or misspelled domain names.
Let’s look at a real case
Check for these signs specially if sensitive information like passwords are being requested. Do explore other blog posts for more information on how to best protect yourself -or your business- against hacker attacks.