Cybersecurity, especially email security, is at the top of the list for most IT heads. The FBI has reported that the most common security threat lies between the keyboard and the back of the chair. Apparently, over 80% of all successful exploits arise from user error.
What can IT do to reduce the possibility of malware attacks and increase email security?
Having complete and up-to-date anti-malware appliances and software in the Data Centre and on the desktop is essential. But that doesn’t address the issue identified by the FBI: users are the biggest threat to email security. The most common vector for introducing malware is an email-based phishing attack.
Phishing – What it is
Simply put, phishing is a scattergun attempt, usually via immense numbers of emails, to acquire credentials such as bank sign-on codes or credit card details:
The hacker creates a standard email with personal elements and an internet link. The hacker designs the email to appear to come from a trusted entity like a colleague or your bank. The link leads to a website that mimics the real website or downloads and initiates malware.
When it is complete, the hacker bulk mails it to an email mailing list, usually of many thousands of addresses.
The user clicks the embedded link, visits the bad website and enters their details there. The website sometimes also installs malware on the user’s PC to collect keystrokes. Either way, the hacker acquires the user’s credentials.
Spear Phishing is slightly different because it targets specific individuals and sometimes a particular organisation.
To summarise, the difference between phishing and spear phishing is the target. Phishing is a scattergun approach: a massive volume of emails is delivered to a target list, and the hacker takes whatever is collected. In contrast, spear phishing uses a highly targeted approach with known objectives. Either way, the attack succeeds only when a user makes the error of clicking an embedded internet link in the email.
How to Recognise a Phishing Email
Recognising an email that is a potential malware threat is something that all users need to be able to do, and it must be a vital part of user education. A further problem is that most anti-malware software operates on desktops and laptops. Smart devices, tablets and smartphones are not so well covered, so users must be able to recognise potentially harmful email on those devices themselves.
There are several techniques to identify and expose phishing emails:
A fraudulent sender
In general, colleagues, friends and legitimate organisations don’t send emails asking for confidential information, even if you are a client. They definitely will not ask for login credentials. If you receive an unsolicited email containing a link or attachment and asking for sensitive information, the high probability is that it is a scam.
A generic recipient name
Most organisations with whom you deal will address you by name, and will probably ask that you call them back. If an email addresses you with a generic salutation such as “Dear Sir”, “Dear Account Holder” and the like, be very suspicious.
Poor Vocabulary and Grammar
If an email is from a major corporation like your bank, it will be written in proper English with correct grammar. Poor spelling and fractured grammar in an email are a big pointer towards phishing.
A mismatch between the sender, their email address, or a website address
Legitimate emails and site references have legitimate addresses. If you receive an Acme Corporation email, you should expect email addresses like email@example.com. Hackers use variants like firstname.lastname@example.org, so beware of subtly altered addresses. Links to other websites should be in the same domain, for example www.acme.com linking to www.acme.com/support. This isn’t 100% reliable, but it is a good indicator.
Internet links in an email are potentially bad news for several reasons. Hover your cursor over the link: the URL displayed should match the link description in the text. If it doesn’t, don’t go there. Checking that all links start with https:// adds some protection, but note that a phishing site can use https:// too, so it is not proof that a link is genuine.
Legitimate companies don’t format an entire email as a hyperlink. Don’t click anywhere!
You might receive an image, supposedly from a friend, with a suggestion to click on the photo to see more. Steganography is a technique for hiding malicious content inside image files. Beware of unsolicited images.
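The sender, salutation and link checks described above can also be applied mechanically, for example in a mail-filter rule or a user-reported-phish triage script. The following is an added example, not code from the article: it parses an HTML email body, extracts the links, and flags a generic greeting, a non-https link, a link whose domain differs from the sender’s, and visible link text that names a different host than the real target. The sample message, the address domains and the two-label “registrable domain” shortcut are all constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC_SALUTATIONS = ("dear sir", "dear madam", "dear account holder", "dear customer")

class LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs from <a> tags plus all body text.
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def registrable(host):
    """Crude registrable domain: last two labels (assumption: no public-suffix list)."""
    labels = (host or "").lower().split(".")
    return ".".join(labels[-2:])

def phishing_indicators(from_header, html_body):
    """Run the article's sender, salutation and link checks; return the indicators that fire."""
    flags = []
    match = re.search(r"<([^>]+)>", from_header)
    sender = (match.group(1) if match else from_header).strip()
    sender_domain = registrable(sender.rpartition("@")[2])
    parser = LinkCollector()
    parser.feed(html_body)
    body_text = " ".join(parser.text).lower()
    if any(s in body_text for s in GENERIC_SALUTATIONS):
        flags.append("generic salutation")
    for href, text in parser.links:
        target = urlparse(href)
        if target.scheme != "https":
            flags.append(f"non-https link: {href}")
        if registrable(target.hostname) != sender_domain:
            flags.append(f"link outside sender domain: {href}")
        # Visible text that looks like a URL must name the same host as the real target.
        shown = re.fullmatch(r"(?:https?://)?([\w.-]+\.[a-z]{2,})\S*", text.lower())
        if shown and shown.group(1) != (target.hostname or ""):
            flags.append(f"link text {text!r} does not match target {href}")
    return flags

# Constructed sample (not from the article): lookalike sender, generic greeting, disguised link.
SAMPLE = ('Acme Support <support@acme-secure-login.example>',
          '<p>Dear Account Holder,</p><a href="http://acme.example.evil/login">www.acme.com</a>')
```

Running `phishing_indicators(*SAMPLE)` returns all four indicators for the constructed message, while a genuine-looking mail with a same-domain https link and a personal greeting returns an empty list.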
Applying these cautionary checks will help you recognise phishing emails and reduce the incidence of malware attacks in your organisation.