Email phishing scams remain the primary method hackers use to obtain victims’ personal data. Email is the most vulnerable form of communication because it is hugely pervasive, yet relatively easy to forge a counterfeit identity with.
For a cybercriminal, email represents an easy way into nearly any organization. This is especially true of large businesses and enterprises, where individual employees probably do not know one another personally. An email that appears to come from an executive or upper management will often be taken at face value.
This is a major problem for cybersecurity professionals because the human element is the most dynamic part of any cybersecurity policy. You can build the biggest, strongest, most secure walls around your data infrastructure, but it only takes one careless employee to accidentally invite the enemy through the front door.
As a result, every good cybersecurity policy must offer guidance to educate workers on spotting suspicious emails. It must also provide for a process describing what to do with phishing scam emails – whether that means deleting them on the spot or sending them to a security team for verification.
Importantly, this defensive approach relies on each employee’s ability to identify phishing scams and report them. Include the following red flags in your cybersecurity policy to ensure the best results.
- Mismatched Names
Mismatched names are the biggest telltale signs of known phishing scams. Often, this is the case when an attacker is trying to impersonate a large, reputable company. Although the From field in your email client may seem correct, the actual email address may not correspond exactly to the company in question.
For instance, there is a real difference between, “FedEx.com” and “Fed-Ex.com”, the hyphenated URL is part of a known phishing scam email address. Also, if an email message from a trusted third-party does not use your name in its opening, that could be a red flag.
Unfortunately, it is extremely easy to forge an email address. Mismatched names represent the bottom line when it comes to creating a convincing phishing scam, so employees have to be on the lookout for other factors.
- Urgent Action Required
Since cybercriminals can forge email addresses, a common tactic involves impersonating an authority figure and urgently requesting sensitive information. Most entry-level accountants would be intimidated by an urgent email from the CFO requesting every employee’s tax forms – but this is exactly what cybercriminals want.
Your corporate cybersecurity policy should provide for verification of urgent action emails – or simply require that urgent actions be communicated by more secure means. Any situation that threatens some sort of damage or punishment for not acting right now probably shouldn’t be communicated via email.
One way to counteract this approach is empowering employees to verify emails with supervisors, managers, and executives by phone. Occasionally annoying the CEO is far preferable to accidentally allowing a high-profile data breach that costs millions of dollars and generates widespread public distrust in the company, and possibly shutter it in six months.
- Embedded Links
Yes, most emails contain embedded links – they make it very easy to access websites and data referred to in the email body. But cybersecurity-conscious employees should not rely on embedded links when accessing URLs they can type into their own browser and save as bookmarks.
Not only can cybercriminals forge email addresses, but they can forge domain names too. Most people are not familiar with DNS naming structure and will fall for a link that looks legitimate.
For example, “info.LegitDomain.com” refers to the Information page of a legitimate domain. A cybercriminal may forge an email directing victims to “LegitDomain.MaliciousDomain.com,” relying on the fact that most people will see the legitimate domain and think they are safe.
Cybercriminals using an IDN homograph attack can even forge a domain that looks exactly like the domain they are impersonating using international character symbols. No human eye could tell the difference. This is why teaching employees to rely on their URL bookmarks is good cybersecurity practice.
Have You Been Victimized? What to Do After a Phishing Scam
If you or someone who operates on your network has opened and clicked on suspicious emails, you still have time to formulate a response. Malware and ransomware attacks don’t typically start immediately after you download a malicious file – it takes time for the program to position itself in your network infrastructure to do the most damage.
In many cases, having a cybersecurity expert install a comprehensive security suite like Datto SIRIS can thwart would-be attackers before the attack is fully triggered. If you have reason to believe your network might be compromised, the time for a full-scale audit is now.
Subscribe to the Small Business Solutions Blog and receive updates when we publish a new article.