NO PHISHING: KEEPING YOUR ORGANIZATION SECURE
By Jared Hughes, Information Security Analyst, VGM Group, Inc.
The threat from phishing emails has long been the most common source of data security incidents for businesses and individuals alike. Current events haven’t really changed that reality, though they have given the hackers a common subject to build their phishing campaigns around. Because COVID-19-related stories dominate world, national, and local news, attackers have ready-made talking points to capture your attention and trick you into clicking links or opening attachments.
The Usual Signs
Fortunately, the signs to look out for in these COVID-19 phishing emails remain the same as in any other phishing email. Simply ask yourself:
Is the email expected or unexpected?
Does the name of the sender match the email address of the sender?
Is there an unusual looking or unexpected attachment with the email?
Is there an unusual looking or unexpected URL in the email that the sender is asking you to click on?
Does the tone of the email convey a sense of urgency, asking you to immediately reply, click a link, or open an attachment?
The Two Forms of Phishing Emails
Phishing emails arrive in your inbox in one of two common forms—completely unexpected from an unknown sender, or an apparent reply from a known sender. The unexpected phishing emails are usually the easiest to spot and ignore. They may be from an unknown contact and resemble marketing spam emails. Since these phishing emails come from unknown senders out of the blue, it’s a little easier to stop and think through whether the content in the email makes sense or is suspicious and needs a closer look.
It’s always a good idea to check whether the name of the sender matches the email address of the sender. For example, legitimate emails will show the sender’s name alongside an email address you’re already familiar with, such as John Doe <john.doe@vgm.com>. Phishing emails will commonly show a sender name and email address that don’t belong together, such as John Doe <billsmith56@gmail.com>. A clear conflict between the sender’s name and email address is a key indicator that you’re looking at a phishing email.
The trickiest phishing emails are those that come from a known sender or contact and appear to be a reply to an email you sent them. Phishing emails of this variety come about when a hacker takes over someone’s email account and begins sending phishing emails to their contacts, which may include you. Instead of sending a fresh email as a new conversation, the hacker will go through that person’s recent emails and reply to one you sent them. This gives the appearance of a continuing conversation with a known contact.
A telltale giveaway in these phishing emails is that the hacker’s reply doesn’t usually fit with the rest of the conversation in the email chain. For example, if you and the contact were discussing an upcoming round of competitive bidding and the hacker replies to one of those emails asking you to pay an invoice, that sudden change in topic is a sign of a phishing email.
Attachments, URLs, and Malware
Though email security systems are getting better at removing dangerous attachments, it’s still common to receive a phishing email with a malware-laden attachment. Perhaps the two most common titles for malware attachments are “my resume” and “invoice.” Many computers have been infected by opening a “resume” that turned out to be nothing but malware, even when the person opening it doesn’t work in a management or hiring capacity. Taking an extra second to consider whether it makes sense for you to act on the email you’re looking at will do wonders to keep you safe.
Attachments simply labelled “invoice” have become much more common over the last few years. As with the phishing emails that carry “my resume” attachments, taking an extra second to determine whether you should be receiving an invoice from this sender is a great defense. Have you ever received an invoice from this sender? Are they performing any work that is likely to result in an invoice? If the answer to either of these questions is “no,” there’s a good chance that you’re looking at a phishing email.
More and more, we’re seeing phishing emails that include a malicious URL to click on instead of an attachment. A major difference between a clickable link and an attachment is that attachments usually look the same and are opened the same way whether they are safe or not. Clickable URLs, by contrast, can be presented in many ways designed to trick you into clicking them. A clickable link may be a single word or image in the body of an email, something in the signature line, or even a picture made to look like an attachment.
A giveaway with these URLs is that when you hover your mouse over one, the pointer changes slightly to show that it is a link; for example, it may turn into a small hand. The website the link will actually try to reach is also displayed when you hover over it. Checking whether that website matches what the email claims will help you determine whether you’re looking at a phishing email.
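The hover check above, comparing the website a link claims to go to with where it actually goes, can be applied to an HTML email body in code. The following is an added example (not code from the article or from VGM); the HTML body is constructed for illustration, and the rule that a visible hostname must equal the real target host (or be a parent domain of it) is an assumption of this example. It also reports image-only links, since the article notes a picture can be made to look like an attachment.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed HTML email body: an honest link, a link whose visible text
# claims vgm.com but points elsewhere, and a link that is only an image.
SAMPLE_BODY = """
<p>Review the document at <a href="https://www.vgm.com/docs">https://www.vgm.com/docs</a>.</p>
<p>View your invoice: <a href="http://198.51.100.7/login">https://portal.vgm.com/invoice</a></p>
<p><a href="http://example.net/open"><img src="cid:attach.png" alt="invoice.pdf"></a></p>
"""

# Matches a hostname (optionally preceded by a scheme) inside visible link text.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Gather href, visible text and image flag for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._cur = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._cur = {"href": a.get("href", ""), "text": "", "image": False}
        elif tag == "img" and self._cur is not None:
            self._cur["image"] = True

    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None


def suspicious_links(html_body):
    """Return [(href, reason)] for links whose visible claim and target disagree."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for link in parser.links:
        real = (urlparse(link["href"]).hostname or "").lower()
        m = HOST_RE.search(link["text"])
        claimed = m.group(1).lower() if m else ""
        # "www.vgm.com" for a link showing "vgm.com" is fine; anything else is not.
        if claimed and not (real == claimed or real.endswith("." + claimed)):
            findings.append((link["href"], "text claims %s, target is %s" % (claimed, real)))
        elif link["image"] and not link["text"].strip():
            findings.append((link["href"], "image-only link, may mimic an attachment"))
    return findings
```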
All phishing emails are effectively high-pressure sales situations. The attackers are trying to tap into your emotions and convince you to take an action, such as replying to the email, opening an attachment, or clicking a link. Sometimes this means attackers write lengthy emails that are multiple paragraphs in length, laying out all the false reasons why you should do this or that. Other times attackers will be extremely abrupt, writing out only a single brief sentence, such as “see attached invoice.”
What to Do With a Phishing Email
After considering the above, just what do you do with a phishing email after you’ve identified it? If the email appears to come from a known contact that you can reach by phone, then giving that person a call will always be a good idea. They can confirm over the phone whether they sent the email or not. If not, they’ll know that there may be a security problem with their email that needs to be fixed. If you have co-workers who specialize in information/cybersecurity, ask for their help with the email. With their knowledge, training, and experience, they can help you with next steps if you’re unsure.
ABOUT THE AUTHOR
Jared Hughes, Information Security Analyst, VGM Group, Inc.
Jared has been with VGM Group, Inc. since 2010. He holds the CompTIA Security+ certification and is a certified GIAC Penetration Tester. In his current role, he is responsible for improving and driving company-wide cybersecurity initiatives, ensuring PCI and HIPAA compliance. He also leads the corporate security committee, educating and advising on the varied and constantly evolving challenges faced by VGM’s divisions, employee owners, and customers. Connect with Jared on LinkedIn or at Jared.Hughes@vgm.com.