A phishing attack is sending emails that appear to be from trusted sources to gain personal information, deliver malicious payloads, or compromise account credentials. Phishing attacks are usually transmitted to many email addresses. The contents are not specific to the receiving user and are generally along the lines of “Your Netflix account has been locked, CLICK HERE to unlock” or similar.
What is spear-phishing?
Spear Phishing is a method of cyber-attack that tries to convince users to provide access or information by pretending to be someone important who is in some way relatable to the targeted user. CEOs are a common vector of attack, as is a potentially lucrative new client. These attempts influence the recipient to do something such as transfer money or buy Amazon / Google Play vouchers.
I received this email on my account not too long ago and thought I would use it as an excellent example of a phishing attempt. At first glance, you can see why people would think it is genuine:
But let’s look a little closer. Notice the sender email is using the @msn.com domain, suggesting that this is a free Microsoft email account that has been set up for this purpose:
If we hover over the Confirm Your Email Address link, you will see it wants to take you somewhere that is NOT Microsoft:
If we click the link, we can see that the site we are forwarded to does not look professional at all:
As expected, a login box to steal your credentials:
Also, note that the tone of the email is assertive and trying to portray urgency. Even though it is the first you have heard of it, according to the email, you absolutely MUST click the link within 48 hours to make sure you keep your account. Many people don’t even log into their emails every 48 hours, so this is a ridiculous request.
Finally, the grammar is not good and certainly not what you would expect from an official email from Microsoft. Spelling and Grammar errors are good indicators of a malicious email. Sometimes they are even included on purpose as the assumption is if you miss them, then you will miss other signs and therefore be more gullible to fraud!
What advice can we give?
If in doubt, don’t click! Hover over links in emails if you are not sure they are from a trusted source. A phishing email may claim to be from a legitimate company. When you click on the link, it may look like the actual website, but double check by hovering over the link and checking the URL.
Never give out personal information online – as a rule, you should never share personal or financially sensitive information over the internet. If you are paying for an item or service, check that the website is secure and the address starts with “HTTPS”.
If the email contains spelling mistakes or has grammatical errors – this could indicate that it is a scam email; people write many phishing emails outside of the UK, so the standard of English is usually not good.
If the email asks you to do something urgent – claiming that your account will be closed unless you submit your details instils a sense of panic, double-check that it is from a natural source.
An unusual attachment – if you receive an unexpected email from a company that contains an attachment, it could include a malicious virus – don’t open it! These generally come in Word / PDF documents claiming to be an invoice or remittance advice but can be anything.
Phishing attacks are one of the most common types of cyber-attacks today. It is so important to keep alert and question any suspicious-looking email that you receive. There are several 3rd party solutions that can help you mitigate this risk:
- Email Security Gateway – this sits between your email provider and the outside world, filtering spam, phishing, fraud attempts and other malicious email categories.
- Training & Testing – there are several trusted vendors that provide end-user training on how to spot a phishing email, as well as running test campaigns to keep everyone on their toes!
- Multi-Factor Authentication – the main aim of a phishing email is to forward you to a fake website and have you enter your credentials, so they are stolen and the account used for malicious activity. If you have MFA enabled on your email accounts (Office 365, for example), even if a user falls for a phishing email and enters their credentials, they cannot be used without the MFA code from a separate device.
If you would like to discuss further how Planet IT can help you secure your email environment and protect your users from scams like the above email, please get in touch via DM or email [email protected].
My name is Adam, and I am a security-focused Technical Architect. My job is to provide expert advice on security solutions and assist our customers with protecting their environment from viruses, ransomware, and other nasty attack vectors! My background is in Security as a Service, Infrastructure and Helpdesk Support; I keep myself up to date with the latest threats and security products, so you don’t have to! Want to hear more of my thoughts on Cybersecurity and other technology news? Connect with me on LinkedIn: https://www.linkedin.com/in/adam-e-harrison/