One of the most common and easily deceiving forms of social engineering is email phishing which is an attempt by someone posing as a trustworthy entity to gain access to sensitive information like credit card data.
Phishing emails are gaining immense popularity within the social engineering game because they are easy to pull off. The email will most likely appear to be from a CEO or other C-level position, and will mimic the company format from colors, to email addresses, and phone numbers. Everything will look almost identical to the real thing.
Attackers are always switching up their techniques when it comes to phishing emails but there are two common techniques everyone should be aware of. First, some attackers will include a link in the email that will redirect users to an unsecured site. Once users are on this website, they will be prompted to submit sensitive information often under the guise of they’ve received a credit or refund. The second technique often used is installing Trojans via a malicious email attachment. If the user opens the attachment, then the Trojan is able to gain access to the network, obtain sensitive information, and send it back to the attacker.
So how can you avoid phishing attacks? First and foremost, never give personal or financial information via email, and never respond to emails requesting this information. Another tip to avoiding these attacks is pay close attention to the URLs given and the email address used. Phishing emails will appear to come from a legitimate source but if you look carefully there will usually be a few dead giveaways that it is a phishing attempt. For instance, the email address may appear to have the correct format but there may be a variation in the spelling or the domain may be changed. The same thing goes for any URLs included in the email. Dashes may be added, spelling variations may be present, or the domain will be changed from .com to .net or any other domain. Lastly, if you still aren’t sure of the legitimacy of an email or web links, you can always contact the company directly. Do not use any contact information included in the email. If you know the company’s URL, enter it manually into your browser but if you don’t know it then search for the company and find the web address that way. Once on the company’s official website, you can find a contact phone number and personally reach out to verify the email.
Phishing emails aren’t going anywhere anytime soon because they are an effective tactic for attackers. The best way to avoid getting caught in a phishing attempt is to know what to look for, and have malware protection on your devices. For more information about phishing emails and other social engineering tactics download our free Cybersecurity eBook today.