Phishing & Email Attacks Prevention Guide

What is Phishing?

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution, in order to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

The information is then used to access important accounts and can result in identity theft and financial loss.

As a matter of fact, old-school security awareness training doesn’t hack it anymore. Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks.

Meanwhile, your IT team is small, usually overloaded and unable to handle a large number of users who are the source of all kinds of problems, including malware infections through email phishing.

Therefore, you need a security awareness training program that can be deployed in minutes, protecting your network and actually saving you a lot of time.

Image: Email Phishing Attacks Awareness Guide – Image by Andrew Martin from Pixabay

How do Phishing Attacks occur?

Other than email and website phishing, there are also ‘vishing’ (voice phishing), ‘smishing’ (SMS phishing) and several other phishing techniques that cybercriminals are constantly coming up with.

Generally, emails sent by cybercriminals are masked so that they appear to be sent by a business whose services are used by the recipient.

A bank will not ask for personal information via email or suspend your account if you do not update your personal details within a certain period of time.

Most banks and financial institutions also usually provide an account number or other personal details within the email, which ensures it’s coming from a reliable source.

Examples of Historical Phishing Attacks

The first lawsuit on phishing was filed in 2004 against a Californian teenager who created the imitation of the website “America Online”.

With this fake website, he was able to gain sensitive information from users and access the credit card details to withdraw money from their accounts.

Perhaps one of the most consequential phishing attacks in history happened in 2016, when hackers managed to get Hillary Clinton campaign chair John Podesta to offer up his Gmail password.

Additionally, the “fappening” attack, in which intimate photos of a number of celebrities were made public, was originally thought to be a result of insecurity on Apple’s iCloud servers, but it was, in fact, the product of a number of successful phishing attempts.

In 2016, employees at the University of Kansas responded to a phishing email and handed over access to their paycheck deposit information, resulting in them losing pay.

Image: Email Phishing: What You Need to Know – Reported by (Evopayments.us)

Common Features of an Email Phishing Attack

In reality, phishing emails usually appear to come from a well-known organization and ask for your personal information, such as a credit card number, social security number, account number or password.

Oftentimes phishing attempts appear to come from sites, services, and companies with which you do not even have an account.

In order for Internet criminals to successfully “phish” your personal information, they must get you to go from an email to a website.

Furthermore, phishing emails will almost always tell you to click a link that takes you to a site where your personal information is requested.

Generally, legitimate organizations would never request this information from you via email.

Image: A sample of a Phishing website – Source (phishtank.com)

What to look for in a Website Phish

Poor Resolution:

Phishing websites are often poor in quality since they are created with urgency and have a short lifespan.

If the resolution on a logo or in text strikes you as poor, be suspicious.

Maliciously Forged URLs:

Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization. Read URLs from right to left: the real domain is the last part of the host name, just before the first single slash, not whatever familiar name appears earlier in the address.

Also, websites where it is safe to enter personal information begin with “https” — the “s” stands for secure. If you don’t see “https” do not proceed.

Look out for URLs that begin with an IP address, such as http://12.34.56.78/firstgenericbank/account-update/ — these are likely phishes.

Image: Below is an illustration sample of a phishing email – Source (phishtank.com)

What to look for in an Email Phish

Generic Greeting:

Phishing emails are usually sent in large batches.

To save time, Internet criminals use generic names like “First Generic Bank Customer” so they don’t have to type all recipients’ names out and send emails one-by-one.

If you don’t see your name, be suspicious.

Forged Links:

Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization.

Roll your mouse over the link and see if it matches what appears in the email. If there is a discrepancy, don’t click on the link.

Also, websites where it is safe to enter personal information begin with “https” — the “s” stands for secure. If you don’t see “https” do not proceed.

Requests Personal Information:

The point of sending phishing emails is to trick you into providing your personal information.

If you receive an email requesting your personal information, it is probably a phishing attempt.

The Urgency Sense:

Internet criminals want you to provide your personal information now.

They do this by making you think something has happened that requires you to act fast.

The faster they get your information, the faster they can move on to another victim.

Image: All email phishing attacks have one thing in common – Image by Mohamed Hassan from Pixabay

Below are additional features that make a phishing email succeed:

1. Too Good To Be True

Lucrative offers and eye-catching or attention-grabbing statements are designed to attract people’s attention immediately.

For instance, many claim that you have won an iPhone, a lottery, or some other lavish prize. Just don’t click on any suspicious emails.

Remember that if it seems too good to be true, it probably is!

2. Sense of Urgency

A favorite tactic amongst cybercriminals is to ask you to act fast because the super deals are only for a limited time.

Some of them will even tell you that you have only a few minutes to respond. When you come across these kinds of emails, it’s best to just ignore them.

Sometimes, they will tell you that your account will be suspended unless you update your personal details immediately.

Most reliable organizations give ample time before they terminate an account and they never ask patrons to update personal details over the Internet.

When in doubt, visit the source directly rather than clicking a link in an email.

3. Hyperlinks

A link may not be all it appears to be. Hovering over a link shows you the actual URL where you will be directed upon clicking on it.

It could be completely different or it could be a popular website with a misspelling, for instance, www.bankofarnerica.com – the ‘m’ is actually an ‘r’ and an ‘n’, so look carefully.
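The URL checks described under “Maliciously Forged URLs” and “Hyperlinks” above, as an added example that is not part of the original guide: it reads the real domain from the right, flags bare IP hosts and non-https links, catches a brand name buried in someone else’s domain, catches the ‘rn’-for-‘m’ trick, and compares the text a link shows with where it really goes. The TRUSTED list and all sample links are constructed for illustration.

```python
"""Link red flags from this guide: a bare IP host, non-https, a brand name inside
an unrelated domain, 'rn' passed off as 'm', and link text that does not match
the real target. TRUSTED and the sample links are constructed, not real data."""
from typing import List, Optional
from urllib.parse import urlparse
import ipaddress

# Constructed: domains the reader really has accounts with.
TRUSTED = {"bankofamerica.com", "firstgenericbank.com"}

def registrable_domain(host: str) -> str:
    """Last two labels of the hostname: the part the guide says to read first.
    Simplification: ignores multi-label suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def is_ip_host(host: str) -> bool:
    """True for hosts such as 12.34.56.78, which the guide flags as likely phishes."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def assess_link(href: str, link_text: Optional[str] = None) -> List[str]:
    """Return the red flags for one hyperlink; an empty list means none found."""
    flags = []
    parsed = urlparse(href.strip())
    host = parsed.hostname or ""
    if parsed.scheme != "https":
        flags.append("not https")
    if is_ip_host(host):
        return flags + ["host is a bare IP address"]
    domain = registrable_domain(host)
    if domain not in TRUSTED:
        normalised = domain.replace("rn", "m")  # bankofarnerica -> bankofamerica
        mentioned = [t for t in TRUSTED if t.split(".")[0] in href.lower()]
        if normalised in TRUSTED:
            flags.append(f"lookalike of {normalised}: {domain}")
        elif mentioned:
            flags.append(f"mentions {mentioned[0]} but real domain is {domain}")
        else:
            flags.append(f"unknown domain {domain}")
    # "Roll your mouse over the link": does the text shown match the target?
    if link_text and "://" in link_text:
        shown = registrable_domain(urlparse(link_text.strip()).hostname or "")
        if shown != domain:
            flags.append(f"link text shows {shown} but target is {domain}")
    return flags
```

Pass the visible link text as the second argument when checking an email, since that is where the displayed address and the real target diverge.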


4. Attachments

If you see an attachment in an email you weren’t expecting or that doesn’t make sense, don’t open it!

For one thing, they often contain payloads like ransomware or other viruses. The only file type that is always safe to click on is a .txt file.

5. Unusual Sender

Whether it looks like it’s from someone you don’t know or someone you do know, please don’t click on it.

And, if anything seems out of the ordinary, unexpected, out of character or just suspicious in general don’t click on it either!

As an example, below is a great KnowBe4 resource that outlines 22 social engineering red flags commonly seen in phishing emails.

Having said that, we recommend printing out this PDF to pass along to family, friends, and coworkers.

Image: Some of the 22 social engineering red flags commonly seen in phishing emails – Source (KnowBe4)

What is a Phishing kit?

The availability of phishing kits makes it easy for cybercriminals, even those with minimal technical skills, to launch phishing campaigns.

A phishing kit bundles phishing website resources and tools that need only be installed on a server. Once installed, all the attacker needs to do is send out emails to potential victims.

Phishing kits, as well as mailing lists, are available on the dark web. A couple of sites, Phishtank and OpenPhish, keep crowd-sourced lists of known phishing kits.

The Duo Labs report, Phish in a Barrel, includes an analysis of phishing kit reuse.

How do you Prevent Phishing Attacks?

Many IT pros don’t exactly know where to start when it comes to creating a security awareness program that will work for their organization.

And even though hackers are constantly coming up with new techniques, there are some things that you can do to protect yourself and your organization:

A. Using Spam Filters

To protect against spam emails, spam filters can be used. Generally, the filters assess the origin of the message, the software used to send the message, and the appearance of the message to determine if it’s spam.

Occasionally, spam filters may even block emails from legitimate sources, so they aren’t always 100% accurate.

If there is a link in an email, hover over the URL first. Secure websites with a valid Secure Socket Layer (SSL) certificate begin with “https”.

Eventually, all sites will be required to have a valid SSL certificate, as the jmexclusives website does.

There are many spam filtering solutions available. They can be hosted in the “cloud,” on computer servers, or integrated into email software such as Microsoft Outlook.

B. Limit Phishing Via Browsers

The browser settings should be changed to prevent fraudulent websites from opening.

Browsers keep a list of fake websites, and when you try to access one of them, the address is blocked or an alert message is shown.

So, the settings of the browser should only allow reliable websites to open up.

C. Update Your Login Passwords

Many websites require users to enter login information while the user image is displayed. This type of system may be open to security attacks.

One way to ensure security is to change passwords on a regular basis, and never use the same password for multiple accounts.

It’s also a good idea for websites to use a CAPTCHA system, especially through Google reCAPTCHA keys, for added security.

D. Phishing Monitoring Systems

Banks and financial organizations use monitoring systems to prevent phishing.

Individuals can report phishing to industry groups where legal actions can be taken against these fraudulent websites.

Organizations should provide security awareness training to employees to recognize the risks.

Read more about how this cyber attack works and how to prevent it.

Takeaway:

The best way to protect yourself from phishing is to learn how to recognize a phish.

According to KnowBe4.com, organizations of different sizes cope with different problems, but all have employees as the weak link in their IT security.

The challenges of creating and running an awareness program vary depending on the number of employees.

KnowBe4 is the world’s most popular integrated platform for security awareness training combined with simulated phishing attacks.

You can join their more than 28,000 customers to manage the continuing problem of social engineering.

Resourceful References:

I hope you have gathered enough information from the above revised guide about email and website phishing.

But, if you have additional information, contributions or even suggestions, please Contact Us.

You can also share some or more of your thoughts in the comments box below this post.

Below are more links related to the topic.

  1. Our Referral Brands and Affiliate Products
  2. Computer Hacking » User-based Safety Tips
  3. KnowBe4: Human error Conquered
  4. What are Google reCAPTCHA Keys?
  5. Prevent cyber hacking with Mimecast

Copyrights © 2019 | jmexclusives
