Email Phishing Attacks – Common Security Challenge

One of the common security challenges is protecting yourself from phishing attacks. Phishing attacks are a security challenge for companies and individuals alike. During the current lockdown, when most people are working from home or remotely, it is very important to secure information. The motive behind these phishing attacks is most of the time financial gain. So today, in short, I will talk about email phishing, which can happen in the following ways.

  1. A fake email from a vendor to a customer, sent from a fake email ID that looks like the real one.
  2. A fake email from a financial institution such as a bank to individuals, sent from a fake ID that looks like the real one.
  3. Most of the time the email IDs faked are those of senior officials, like the CFO, CEO, branch managers or finance managers.

The objective of this post is to help people with a few simple and key points about the way these attacks are done, and what we can do to avoid being cheated by these attackers.

As I always believe the problems are around three areas, i.e. PPT (People, Process and Technology), today I will focus only on people and process, as in the current situation it will be difficult to do much around technology implementation if it is not already in place.
In the current scenario, where employees are working remotely and are difficult to reach by phone or in person, things mostly happen over email, so let's focus on emails in this post.

Here are various phishing techniques used by attackers:

  1. An email with an embedded link that redirects the individual to an insecure website that requests sensitive information.
  2. A malicious email carrying a Trojan as an attachment or advertisement, which allows the attacker to exploit loopholes and obtain sensitive information.
  3. Spoofing the sender's email address so the email appears to come from a reputable source, and asking for sensitive information or for a bill payment with changed bank details given in the email.

A few steps you can take to safeguard yourself from these phishing attacks:

  1. The first and most important step is training / educating your people / employees in the best possible ways, so that they don't get trapped by email phishing attacks.
  2. Before responding to any email coming from a reputed / senior / important customer or vendor, please make sure to check the full email address carefully, not just the from name.
  3. Make sure you have antivirus installed on your system, if you are working on a personal system.
  4. Enable the spam filter for your email; it will detect existing virus signatures and keep out known viruses.
  5. For example, in a recent real incident, a user received an email from a senior person (name edited), the CFO of a vendor (CEO/CFO/owner); just by being a little alert and careful, the impact was averted.

See below: when the email was received it looked real, but when double-clicking the from address to check the email address, it turned out to be a fake email address.
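As an added example (not from the original post), here is a small Python check that does what step 2 and the incident above describe: it parses the full From: header and compares the real address with the display name, and it goes a little beyond the post by also flagging lookalike domains. The trusted vendor domain, the sample headers and the names in them are constructed for illustration.

```python
import re
from email.utils import parseaddr

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one or two edits is typical of a lookalike domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_from_header(from_header: str, trusted_domains: set) -> dict:
    """Parse a From: header and list the reasons its real address looks off."""
    display_name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    reasons = []
    if domain and domain in trusted_domains:
        return {"address": address, "domain": domain, "reasons": reasons}
    # 1. The display name itself carries an address whose domain is not the real one.
    claimed = [d.lower() for d in re.findall(r"[\w.-]+@([\w.-]+)", display_name)]
    if claimed:
        reasons.append(f"display name claims {claimed[0]} but mail comes from {domain}")
    for trusted in sorted(trusted_domains):
        # 2. Display name drops the vendor's name while the address is elsewhere.
        org = trusted.split(".")[0]
        if org in display_name.lower() and not claimed:
            reasons.append(f"display name mentions {org} but mail comes from {domain}")
        # 3. Lookalike domain: within two character edits of a trusted domain.
        if 0 < edit_distance(domain, trusted) <= 2:
            reasons.append(f"{domain} is a lookalike of trusted domain {trusted}")
    if not reasons:
        reasons.append(f"{domain or 'unparseable address'} is not a trusted domain")
    return {"address": address, "domain": domain, "reasons": reasons}

# Constructed sample headers (invented names/domains); the 2nd and 3rd mirror the incident above.
SAMPLE_HEADERS = [
    "Vendor CFO <cfo@vendor-example.com>",
    '"cfo@vendor-example.com" <payments.update@freemail.example>',
    "Vendor CFO <cfo@vend0r-example.com>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        result = check_from_header(header, {"vendor-example.com"})
        print("OK        " if not result["reasons"] else "SUSPICIOUS", header)
        for reason in result["reasons"]:
            print("  -", reason)
```

The first header is genuine, the second hides a free-mail address behind a display name that looks like the vendor's address, and the third swaps one character in the domain; only the first passes.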


Would love to receive your comments / thoughts?
