Phishing Attacks - how to identify fraudulent emails.


What is phishing? Phishing (Email phishing) a type of cyber-attack that uses social engineering techniques to attempt to trick the email recipient to open an attachment or click on a link that is embedded in the email. These fraudulent emails use the element of disguise, they are visually crafted to make the recipient believe that the email originated from a legitimate trusted source but in reality it’s the work of an attacker luring potential victims (general phishing) or a specific victim (spear phishing) into executing his malicious code.

The social engineering techniques use by the attacker are very creative and vast, it’s estimated that 156 million phishing emails are sent every day, 16 million make it through filters, 8 million are opened, and 800,000 links are clicked. Attackers craft the content of the email with positive or negative information designed to trigger human emotions such as: fear, greed, curiosity, happiness, sadness that consequently can lead the user to fall for the attacker enticement. An email from your bank alerting you that your account has been compromised will catch your attention, or an email containing attached pictures of your company’s yearly national convention will definitely be something to peek your interest. These phishing emails can be constructed with such details that even the most “technical eye” can be easily fool by them, let alone the average user.

Phishing is not to be confused with Email Scam, though they may “cross path” at times Email Scams are primarily crafted to sell you something or asking for money. Email circulating the internet that offer you a “get rich quickly” solution, an inheritance from a unknown distance relative, finding true love without compromise, asking to help dying tigers in the Himalayan, etc. usually lack the technical skills employed by phishing attacks.

The ultimate purpose of the Phishing attack is to lure the recipient to click on an embedded link that would take the user to a rogue website (a fake site that looks legitimate to the user) or to execute a program on the recipient’s computer. Once the code is executed two things can happen:

  • The program executes some type of malware on the victim’s computer and causes computer and may be network disruption. Though the issue can cause havoc in a network the problem is visible and necessary measures can be taken to contain and repair the damage.

  • The program executes some type of malware on the victim's computer and It goes unseen causing “no immediate damage”, to me this is the most dangerous. This type of attacks usually opens a remote session on the victim’s computer that is exploited by the attacker, giving the attacker access to the victim’s computer and potential access to the rest of the network.

How to spot phishing attack.

There’s not silver bullet to it but rather a comprehensive approach that includes user awareness, a layered security program, and security solutions. For instance, in Spear Phishing attacks, the attacker has done some type of reconnaissance on the potential victim and crafted an email for that specific user. Besides elaborating what seems to be a legitimate email the attacker has developed highly sophisticated program that when executed will go undetected by most advanced security solutions. This type of attacks usually target specific people and can be carry out by nations spying on other nations or by corporate spying on their competitors (corporate espionage).

So let’s put that highly sophisticated attack for aside for now and focus on how to spot phishing attacks for the “average user”:

  • Use common sense: Yes, as simple as it sounds it’s a very powerful tool against email phishing scams. If you feel uneasy about an email you receive go over the email (without clicking on any link) and see if it makes sense to you. Does it have a legitimate format, do you feel coerced, have you exchanged correspondence in the past with that particular sender?

Take a look at the example below, the attacker is enticing the potential victim with a US Airways’ offer. If you pay close attention to the sender you’ll notice that sender’s name (oobrrkpxk) looks fishy and the domain name has nothing to do US Airways (picanteperosabroso.com). Also if you hover over hyperlinks they'd point to site other than US Airways, and lastly the email has poor formatting. It’s very unlikely a large corporation will send poorly crafted emails.

  • Pay attention to the senders domain: the domain is the section of the email address that follows the "@" sing, it doesn't have to be the exact name of the comapany but it's usually close enough for you to identiy a business. If you get a well-crafted email from a spammer impersonating a representative from your bank but you noticed that the sender’s email address does not include your bank’s domain on it then it’s fraudulent. In our example below the email seems to originate from American Express but when you look at the email address next to the name you'll notice that it comes from azure.com

  • Do they exercise poor grammar? Large corporations pay close attention to their public image. They have departments in that ensure that all information made public is up to the highest standards, including grammar. If you feel an email lacks the professional writing style from a corporation it probably isn’t legit.

  • Links pointing to Executable file or Zip files. Look at the example below, this is what some people would consider a Phishing attack work of art. The email is well constructed, the sender appears to come from a legitimate site, one of the links points to the UPS domain but the other link points to a zip file on a third party site.

As we said earlier there's no simple solution to email attacks, especially phishing attacks. We just went over a couple of tips that would help us identify fraudulent emails but even when exercising the aforementioned best practices we may still have doubt of the email origin and intention. In situration like this, especially in the business enviroment, an email security solution should be in place. McAfee offers an excellent Email Security Solution that goes beyond the anti-spam service, they have developed a more advanced email protection solution called “Click Protect” that is part of McAfee’s email protection. Click Protect validates the link the content of the email, emulates the page to check for malware, and previews the page to the user without allowing code execution. It even offers the same functionality for mobile devices.

PreciseTek is McAfee partner providing business in New York City and Northern New Jersey with security solution. Our solutions and technical expertise give our customers an edge over the latest and most advanced cyber-security attacks. We offer fortune 100 security solutions and services to the small and mid-sized organizations at small business price, some products and subscription can be implemented without initial up-front cost and on monthly contractual basis.

Businesses can not afford not having a security solution, PreciseTek takes the complications and high costs out of and gives organizations the oportunity to have cutting edge security solutions in a concious, cost effective manner.

Contact us for details about Email Security or any other Security Service for your organization.

www.precisetek.com | 888-580-4450 | Contact us

#whatisphising #whatisthedifferencebetwenphishingandspam #emailsecuritysolutions #newyorkemailsecurity #emailsecurityforsmallbusinsses #securityexpertsinnewyork #howtoavoidphishing #howtospotaphishingemail #emailprotectionservices #expertosenseguridad #newjerseysecurityexperts

Featured Posts
Recent Posts
Archive
Search By Tags
Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square