3 Mar 2022

Phishing

Phishing emails are one of the most common cyber threats an organization faces. The shift to working from home has increased phishing attacks worldwide: attackers have intensified their campaigns by exploiting remote work environments where employees are not protected by corporate firewalls.

What is phishing?

Phishing is a type of social engineering where an attacker sends a fraudulent ("spoofed") message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure, like ransomware.
(Source: Wikipedia)
Phishing attacks can serve a variety of goals for an attacker, such as stealing login credentials, data, debit/credit card numbers and money, as well as delivering malware to a recipient's computer. An attack occurs when an attacker, posing as a trusted entity, dupes a victim into opening an email, instant message, text message or social media post. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, a ransomware attack, or the disclosure of sensitive information, for instance by sending the victim to a fake login page disguised as a platform they use, advertising a fake contest, or impersonating someone the attacker is not.

An attack can have devastating results. For individuals, this includes unauthorized purchases, the theft of funds, or identity theft.

Moreover, phishing is frequently used to gain a foothold in corporate or governmental networks as a part of a larger attack, such as an Advanced Persistent Threat (APT) event. In this latter scenario, employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.

An organization succumbing to such an attack typically sustains severe financial losses in addition to declining market share, reputation, and consumer trust. Depending on scope, a phishing attempt might escalate into a security incident from which a business will have a difficult time recovering.

Example of phishing email

How to spot a phishing email

Phishing emails rely on trickery to convince the recipient to do something. As a general rule, if the request in an email seems odd or potentially dangerous, be cautious of it.

  • Lookalike email addresses: Phishers often use an email address that looks like, but is not quite the same as, a legitimate and trusted one, such as user@cornpany.com instead of user@company.com. Verify that an email address is correct before trusting an email.
  • Misleading links: A link may not be all it appears to be. Hovering over a link shows the actual URL you will be sent to when you click it. It could be a completely different site, or a popular website with a misspelling, for instance www.rnicrosoft.com, where the 'm' is actually an 'r' followed by an 'n'. Look carefully, or you might think you are visiting microsoft.com.
  • Suspicious attachments: Phishers use email attachments to deliver malware to their targets. If an attachment is unnecessary, is the wrong file type (like a ZIP file claiming to be an invoice), or is a Microsoft Office document that requires macros, then it is probably malware. If you see an attachment in an email you weren't expecting or that doesn't make sense, don't open it! Such attachments often contain payloads like ransomware or other viruses. The only file type that is always safe to click on is a .txt file.
  • Spelling and grammar: Phishing emails commonly contain spelling mistakes and grammatical errors. If an email reads wrong or doesn't match the alleged sender's voice, then it is probably a scam.
  • Too good to be true: Lucrative offers and eye-catching or attention-grabbing statements are designed to grab people's attention immediately. For instance, many claim that you have won an iPhone, a lottery, or some other lavish prize. Don't click on anything in such emails; remember that if it seems too good to be true, it probably is!
  • Sense of urgency: A favourite tactic among cybercriminals is to ask you to act fast because the "super deal" is only available for a limited time. Some will even tell you that you have only a few minutes to respond. When you come across these kinds of emails, it's best to just ignore them. Sometimes they will tell you that your account will be suspended unless you update your personal details immediately. Most reliable organizations give ample time before they terminate an account, and they never ask customers to update personal details over the Internet. When in doubt, visit the source directly rather than clicking a link in an email.
  • Unusual sender: Whether the email looks like it's from someone you don't know or someone you do know, if anything seems out of the ordinary, unexpected, out of character or just suspicious in general, don't click on it!
  • Generic greeting: Phishing emails are commonly distributed en masse and may contain extremely generic-sounding greetings. For example, a fair portion of them start with "Hello Dear" or "Hi,". A lack of personalization in the greeting is a red flag.
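To make the first three indicators above concrete, here is a small Python checker, added as an example and not part of the original post. It flags a sender domain that only matches a trusted domain after undoing lookalike substitutions ("rn" for "m", "vv" for "w", "0" for "o", "1" for "l"), links whose visible text names a different domain than the one the href actually points to, and attachments with archive, macro-enabled Office or executable extensions. The trusted-domain list, the substitution table, the extension list, the function names and the sample message are all constructed assumptions for illustration.

```python
# Heuristic checks for the phishing indicators listed above (added example, not
# from the original post). All lists, names and the sample message are constructed.
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# 'rn' for 'm' is the rnicrosoft.com / cornpany.com trick from the post.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l"}
# Attachment types the post singles out: archives and macro-enabled Office files.
RISKY_EXTENSIONS = (".zip", ".rar", ".7z", ".docm", ".xlsm", ".pptm", ".exe", ".js")
TRUSTED = {"company.com", "microsoft.com"}  # constructed allow-list
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")

def strip_www(domain):
    d = domain.lower()
    return d[4:] if d.startswith("www.") else d

def normalize_domain(domain):
    """Undo confusable substitutions so 'rnicrosoft.com' reads 'microsoft.com'."""
    d = strip_www(domain)
    for fake, real in CONFUSABLES.items():
        d = d.replace(fake, real)
    return d

def lookalike_of(domain, trusted):
    """Trusted domain that `domain` imitates, or None. A domain that is itself
    on the trusted list is never reported as a lookalike."""
    if strip_www(domain) in trusted:
        return None
    normalized = normalize_domain(domain)
    return next((t for t in trusted if normalized == normalize_domain(t)), None)

class LinkExtractor(HTMLParser):
    """Collect (href, anchor text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._anchor = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._anchor.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None

def misleading_links(html, trusted):
    """Flag links whose visible text names one domain while the href goes to
    another, and links whose real host is a lookalike of a trusted domain."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        shown = DOMAIN_IN_TEXT.search(text.lower())
        if shown and strip_www(shown.group(1)) != strip_www(host):
            findings.append(f"link text shows {shown.group(1)} but href goes to {host}")
        target = lookalike_of(host, trusted)
        if target:
            findings.append(f"link host {host} is a lookalike of {target}")
    return findings

def analyze(raw, trusted=TRUSTED):
    """Run every check over one raw RFC 5322 message and return the findings."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    target = lookalike_of(sender_domain, trusted)
    if target:
        findings.append(f"sender domain {sender_domain} is a lookalike of {target}")
    for part in msg.walk():  # yields the container and every MIME part
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            findings += misleading_links(part.get_payload(decode=True).decode(charset, "replace"), trusted)
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment {name}")
    return findings

# Constructed sample: lookalike sender, mismatched link text, ZIP posing as an invoice.
SAMPLE_EMAIL = """\
From: "IT Support" <helpdesk@cornpany.com>
Subject: URGENT: your account will be suspended
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello Dear,</p><p>Verify now:
<a href="http://www.rnicrosoft.com/login">https://www.microsoft.com/login</a></p></body></html>
--XYZ
Content-Type: application/zip
Content-Disposition: attachment; filename="invoice.zip"

--XYZ--
"""
```

Running `analyze(SAMPLE_EMAIL)` yields four findings: the lookalike sender domain, the link whose text says microsoft.com while its href goes to www.rnicrosoft.com, that same host as a lookalike of microsoft.com, and the ZIP attachment. The link check deliberately compares the raw domains rather than the normalized ones, because normalizing both sides would erase exactly the substitution it is meant to catch; the lookalike check normalizes both sides so that a trusted domain never flags itself.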

What to do after falling for a phishing attack

There are two main ways you could fall for a phishing email: downloading a file sent through it, or giving away confidential information.

What to do after downloading a malicious file
Downloading an infected file is one of the easiest ways for attackers to gain access to your files and data. The file could be an email attachment or a download from a website the email links to. If you have downloaded an infected file and your antivirus did not detect it or warn you, the first step to limit the damage is to disconnect the computer from the internet. This prevents anyone from remotely accessing your device and stops any spyware that may have been installed from leaking your files to the attacker.

Next, scan and clean the device of malware: either install an up-to-date antivirus offline and scan the computer, or connect the hard drive to another PC with an updated antivirus and scan it from there. If you are not confident in your technical skills, take the device to a local technician or call a tech support centre and explain the situation.

What to do after giving away confidential information
If you have given away confidential information such as login credentials, reset your passwords for the services you use: email accounts, social networks, financial accounts and so on. If the attacker has already locked you out of an account, contact that account's provider to help you regain access.

While changing your password after an attack is common knowledge, you should actually change all of your login information: email, username, password, and security questions.

Knowing even one part of your login makes it easier for an attacker to guess the rest. Changing all of them after an attack makes it much harder for the same cybercriminal to target you again.


I don't recommend that anyone reply to phishing emails or open their links or attachments.