Stop Phishing! Our Tips for Spotting Malicious Emails

The phishing threat still weighs heavily on businesses, both in terms of network security (95% of attacks are due to spear phishing) and financially (businesses were defrauded of more than US $2 billion in the past two years). Fortunately, educating users helps limit the damage of these scams. The more users know about these types of attacks, the more examples they see and the more advice they receive on how to identify them, the less likely they are to become victims.

Spotting Malicious Emails

Now let's go through some known types of phishing attacks and see how to spot them.

Scenario 1: You Receive an Email From a Stranger

1. Does the Email Address Seem Suspicious to You?

I would say that the most important thing in spotting a phishing email is to study the source. Resist the urge to dive straight into the content of a message, and look at the sender first.

If you don't know the sender, take a closer look at the address. Don't just look at the display name: observe the actual address and its domain. Do they look suspicious? Suspicion can be subjective, but some signs are telling: misspellings, incomprehensible strings of letters and numbers, and inconsistency between the displayed name and the email address.

Take the email we received below, for example. The sender's name means nothing to me and does not match the mailto address, and I did not recognise the domain name either. It looks fishy, and I would avoid clicking anything in it. But if I hadn't taken the time to inspect the address, I might have been taken in by the urgency of the message, which says (in English) that if I ignore it, my laptop will be "at all. never unrecoverable"?! This is exactly what hackers want you to believe: they play on your emotions to divert your attention from the signs that the email is a fake.
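The sender checks described above can be automated. The script below is an added example, not code from the original post or from GlobalSign: it parses a raw message with Python's standard `email` module and flags a display name that has nothing in common with the mailbox, a Reply-To on a different domain, and domain or mailbox labels that read like random strings of letters and digits. Both messages are constructed for the example; the "random string" heuristic is a simple vowel-ratio rule, not a product feature.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: display name does not match the mailbox, Reply-To points
# at another domain, and the domain is an unreadable mix of letters and digits.
SAMPLE_RAW = """From: "GlobalSign Support" <jx7q2k@mail-qz81xv.info>
Reply-To: billing-desk@collect-invoices.biz
To: victim@example.com
Subject: Urgent: your laptop will be unrecoverable
Content-Type: text/plain

Ignore this message and your laptop will be lost.
"""

# Constructed sample of an ordinary message from a known contact.
LEGIT_RAW = """From: "Jane Doe" <jane.doe@example.com>
To: victim@example.com
Subject: Q1 figures

Attached as usual.
"""


def domain_of(address: str) -> str:
    """Return the lower-cased domain of an email address ('' if none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def looks_random(label: str) -> bool:
    """Heuristic (assumption for this example): a label that mixes letters and
    digits and has very few vowels reads like an incomprehensible string."""
    has_digit = any(c.isdigit() for c in label)
    has_alpha = any(c.isalpha() for c in label)
    vowels = sum(c in "aeiou" for c in label)
    return has_digit and has_alpha and vowels / len(label) < 0.3


def analyse_sender(raw: str) -> dict:
    """Run the sender checks from the article and return flag -> bool."""
    msg = message_from_string(raw)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    from_domain = domain_of(from_addr)
    local_part = from_addr.split("@", 1)[0].lower()

    # Does any word of the display name appear in the mailbox or domain?
    name_words = [w for w in re.findall(r"[a-z]+", display_name.lower()) if len(w) > 2]
    name_in_address = any(w in local_part or w in from_domain for w in name_words)

    return {
        # Displayed name has nothing in common with the real mailbox
        "name_address_mismatch": bool(name_words) and not name_in_address,
        # Replies would silently go to a different domain
        "reply_to_other_domain": bool(reply_to) and domain_of(reply_to) != from_domain,
        # Domain labels (excluding the TLD) or mailbox look like random strings
        "random_looking_domain": any(looks_random(l) for l in from_domain.split(".")[:-1]),
        "random_looking_mailbox": looks_random(local_part),
    }


if __name__ == "__main__":
    for label, raw in (("suspicious", SAMPLE_RAW), ("legitimate", LEGIT_RAW)):
        flags = [k for k, v in analyse_sender(raw).items() if v]
        print(f"{label}: {flags or 'no red flags'}")
```

Run as-is it reports all four flags for the constructed phishing sample and none for the ordinary message. The heuristics are deliberately crude; in a mail gateway they would sit alongside SPF, DKIM and DMARC results rather than replace them.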

2. What's in the Email? Did You Expect It?

Now, what if you receive an email from a stranger, but the sender's address doesn't sound alarming? Depending on the position you hold and the type of company you work in, you may be used to receiving legitimate messages from new contacts.

Rather than listing ways to find out whether such emails are legitimate (much of that depends on the situation), we will look at the points you should pay attention to. I will use the following message to illustrate.

This email immediately put me on alert, because I had not asked for anything. I don't know the company and I certainly hadn't ordered anything from them. Downloading the attachment was therefore out of the question.

Seen from the outside it seems obvious, but asking yourself this simple question - "was I expecting this email?" - is often enough to spot potential attacks instantly.

3. More Tips for Spotting Phishing Emails From Strangers

The example above contains several red flags suggesting that this is potentially a phishing email. Be on the lookout for these signs; they can help you identify malicious emails before you fall victim.

  1. Vague subject: no reference to an order number, a product, etc.
  2. Grammar: repetitive use of "please" in the body of the message, awkward turns of phrase.
  3. Lack of personalization: the greeting only says "hi" or "hello", which is odd for such a specific email (it is not a mass mailing).
  4. Lack of details: very simple wording, no product or service details, no reference to any previous contact.
  5. Filename: the name of the invoice is not specific to a project or a company; there are no details.
  6. Inconsistent signature: the information in the email signature does not match the sender information (name and email address).

Scenario 2: You Receive an Email From Someone You "Know"

I used quotes because, as we have shown in the past, spoofing an email address is extremely easy: a hacker can spoof the address of someone you already correspond with. So even if the email appears to come from a sender you have been in contact with before, always be wary of links and attachments.

For example, I received the following email from "security@globalsign.com" when no one at GlobalSign had sent it.

So what can you do if you can't trust the sender's address to tell whether an email is fake?

1. Check for the Presence of a Digital Signature

As you already know, we recommend digitally signing all corporate emails. A digital signature binds the sender's online identity, verified by a third party, to their electronic communications. In short: if you receive a digitally signed email from someone you know, you can be sure that the message came from that person and that it is not a scam.

2. How Do I Know if an Email Has Been Digitally Signed?

Most business email clients make it clear whether an email has been digitally signed; Microsoft Outlook, for example, shows a red ribbon icon.

When you click on the ribbon, additional information is displayed about the signer and the certificate used to apply the signature, allowing you to validate the identity of the signer.
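Under the hood, the ribbon reflects the MIME structure of the message. As an added example (not code from the original post or from GlobalSign), the function below inspects a raw message with Python's `email` module and reports whether it carries an S/MIME signature in either of the two standard forms: a detached signature in `multipart/signed`, or an opaque `application/pkcs7-mime` body with `smime-type=signed-data`. It only reports that a signature is present and well-formed; validating the signature bytes and the certificate chain is the mail client's job, which is why clicking the ribbon to check the signer still matters. Both messages are constructed, and the signature bytes are a placeholder.

```python
from email import message_from_string

# Constructed S/MIME-signed message (RFC 8551 detached form). The base64 blob
# stands in for a real PKCS#7 signature and would not verify.
SIGNED_RAW = """From: colleague@example.com
To: you@example.com
Subject: Signed note
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="sig"

--sig
Content-Type: text/plain

Hello, this part is what was signed.
--sig
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

MIIBplaceholderSignatureBytes==
--sig--
"""

# Constructed plain message with no signature at all.
UNSIGNED_RAW = """From: colleague@example.com
To: you@example.com
Subject: Plain note
Content-Type: text/plain

Hello, nobody signed this.
"""

# Signature part types a client would accept inside multipart/signed
SIGNATURE_PROTOCOLS = {
    "application/pkcs7-signature",
    "application/x-pkcs7-signature",
    "application/pgp-signature",
}


def signature_status(raw: str) -> str:
    """Classify a raw message by its signature structure.

    Returns one of: 'signed-detached', 'signed-opaque', 'malformed-signed',
    'unsigned'. This checks structure only, not cryptographic validity."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()

    if ctype == "multipart/signed":
        proto = (msg.get_param("protocol") or "").lower()
        parts = msg.get_payload()
        # RFC 1847: exactly two parts, the second being the signature
        if proto in SIGNATURE_PROTOCOLS and len(parts) == 2 \
                and parts[1].get_content_type() == proto:
            return "signed-detached"
        return "malformed-signed"

    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime") \
            and (msg.get_param("smime-type") or "").lower() == "signed-data":
        return "signed-opaque"

    return "unsigned"


if __name__ == "__main__":
    for name, raw in (("signed", SIGNED_RAW), ("unsigned", UNSIGNED_RAW)):
        print(f"{name}: {signature_status(raw)}")
```

A gateway rule built on this would treat "unsigned" mail from a domain whose users are expected to sign as suspicious, and would hand "signed-*" messages on to proper signature verification rather than trusting the structure alone.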

3. Always Check the Link Before Clicking

Phishers love to hide their malicious links in hypertext. Always check the destination address (by hovering over the link with the mouse) before clicking anything. In our earlier virus alert example ("Virus Outbreak"), the link leads to a suspicious URL - http://globalsign.uk.virus-control.com/... - which does not match any legitimate GlobalSign web address.

4. Watch Out for Attachments

As we said before, take a step back and ask yourself whether it makes sense for this person to send you this type of file. An email from HR with a PDF presenting the company's new health insurance plan ... when you know full well that the plan changed just two or three months ago? The finance department sending an Excel file with first-quarter results ... when it has never sent them in that format before? Applying this kind of reasoning is an effective defence against some targeted attacks.

5. Beware of "Deceptive Legitimate Signs"

Phishing attacks have become more sophisticated in recent years. Take our virus alert email: besides the spoofed corporate address, other elements are designed to give the message an appearance of legitimacy.

  1. A domain (virus-control.com) was registered to give the impression that the malicious URL belongs to a real antivirus vendor.
  2. The name of a real antivirus company - Protegent360 - was even incorporated into the URL to give a false sense of security (see the text circled in red above).
  3. The message is framed as urgent and of the utmost importance, with the phrase "at the earliest" in the text.

These extra touches make phishing emails harder to spot, and underline that you should always think before you click or download anything.
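The hover check from "Always Check the Link Before Clicking" and the lookalike-domain trick in the list above are the same problem seen from two sides: what matters is the registrable domain of the link target, not whether a brand name appears somewhere in the host. The script below is an added example, not code from the original post or from GlobalSign. It extracts the anchors from a constructed HTML body modelled on the virus alert email, reduces each link host to its registrable domain, and flags targets outside an assumed allow-list of domains the organisation owns, hosts that contain the brand name but belong to someone else, visible link text that names a different site from the real destination, and plain-HTTP links. The `registrable_domain` helper takes the last two labels, which is a simplification; production code should use the Public Suffix List.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed HTML body modelled on the "Virus Outbreak" email in the article.
# The first URL uses the domain quoted there; the third is a made-up lookalike.
SAMPLE_HTML = """
<p>Virus outbreak detected. Update at the earliest:</p>
<a href="http://globalsign.uk.virus-control.com/Protegent360/update">https://www.globalsign.com/support</a>
<a href="https://www.globalsign.com/en/contact">Contact us</a>
<a href="https://globalsign-security.com/login">GlobalSign login</a>
"""

# Assumed allow-list of domains the organisation actually owns (example only)
TRUSTED_DOMAINS = {"globalsign.com"}
# Brand words whose presence in a foreign host suggests a lookalike
BRAND_WORDS = ("globalsign",)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Last two labels of a host (simplified; use the Public Suffix List in
    real code so that names like example.co.uk are handled correctly)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def assess_link(href: str, text: str) -> list:
    """Return the red flags found for one link, in a fixed order."""
    findings = []
    parts = urlsplit(href)
    host = parts.hostname or ""
    if not host:
        return ["no-host"]
    reg = registrable_domain(host)

    if reg not in TRUSTED_DOMAINS:
        findings.append("untrusted-domain")
        # Brand name appears in the host, but the registrable domain is not ours
        if any(b in host for b in BRAND_WORDS):
            findings.append("brand-lookalike")

    # Visible text looks like a URL but points at a different site than the href
    text_host = urlsplit(text).hostname if text.startswith(("http://", "https://")) else None
    if text_host and registrable_domain(text_host) != reg:
        findings.append("text-href-mismatch")

    if parts.scheme == "http":
        findings.append("plain-http")
    return findings


def scan_html(html: str) -> dict:
    """Map every href in the body to its list of red flags."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: assess_link(href, text) for href, text in collector.links}


if __name__ == "__main__":
    for href, flags in scan_html(SAMPLE_HTML).items():
        print(f"{href}: {flags or 'ok'}")
```

The key observation is the one the article makes in words: `globalsign.uk.virus-control.com` reduces to `virus-control.com`, so however much of the brand the attacker prepends, the link never lands on a GlobalSign domain.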

If in doubt ... don't click!

If you still have doubts about the legitimacy of an email, be extremely careful. Some phishing attempts are quite sophisticated, with perpetrators who clearly have precise knowledge of their target and the company; these attacks are all the harder to detect. Before clicking a link or downloading an attachment, you have nothing to lose by contacting the sender to verify that they wrote the message. Your CIO can also help you find out whether an email is safe. If in doubt, forward any suspicious email to your CIO or DSSI (IT security department) so they can check its validity and are made aware of the phishing attempt.
