02/06/2020

EMAIL PHISHING ATTACKS

Hi All,

We continue to be bombarded with email that appears to be from other members of staff or trusted organizations we have working relationships with, but which is in fact fake phishing-type messages that try to steer you towards a certain website to enter user credentials, or to open harmful attachments that could contain a virus or malware.

The Microsoft Office 365 platform we all use has some excellent filtering and anti-virus abilities, but unfortunately no system can stop all fake spam and phishing emails.
When they do get to our inboxes, it is down to each of us to double-check what we do with these emails and make sure no harm is done to our PCs, data and network.

Please read the following bullet points on best practice when dealing with your email on a day-to-day basis. Above all, the phrase “If In Doubt, Leave It Out” is best applied to any message that comes in that you have any suspicion over.

1. Emails Insisting on Urgent Action
Emails insisting on urgent action do so to fluster or distract the target. Usually this type of email threatens a negative consequence if the action is not taken, and targets are so keen to avoid the negative consequences that they fail to study the email for inconsistencies or indications it may be bogus.

2. Emails Containing Spelling Mistakes
Most companies now use spell-checking features in email clients or web browsers to ensure their corporate communications maintain a professional appearance. Emails purporting to come from a professional source that contain spelling mistakes or grammatical errors should be treated with suspicion.

3. Emails with an Unfamiliar Greeting
Emails sent by friends and work colleagues usually start with an informal salutation. Those addressed to “Dear XXXXX” when that greeting is not normally used, and those containing language not often used by friends and work colleagues, likely originate from an attacker and should not be actioned or replied to. Instead they should be reported to the organization’s IT security team.

4. Inconsistencies in Email Addresses
Among other email security best practices to introduce is the random checking of senders’ email addresses – especially when an email address belonging to a regular contact is unfamiliar. By checking the sender email address against previous emails received from the same person, it is possible to detect inconsistencies.

5. Inconsistencies in Links and Domain Names
Links to malicious websites can easily be disguised as genuine links. Therefore, it is also advisable to encourage employees to hover a mouse pointer over a link in an email to see what “pops up” as an address. If an email claims to be from (say) a business contact, but the pop-up indicates an unfamiliar website, the email is likely a phishing email.

6. Be Wary of Suspicious Attachments
File sharing in the workplace now mostly takes place via collaboration tools such as Dropbox, OneDrive or SharePoint. Therefore emails from colleagues with file attachments should be treated suspiciously – particularly if the attached file has an unfamiliar extension or one commonly used to deliver malware payloads (.zip, .exe, .scr, etc.).

7. Emails That Seem Too Good to Be True
Emails that seem too good to be true incentivize targets to click a link or open an attachment with the promise that they will benefit by doing so. Even when phishers use social engineering to appeal to the target’s curiosity or greed, the intended targets have not usually initiated contact. These emails should be flagged as suspicious at once.

8. Emails Requesting Login Credentials, Payment Information or Other Sensitive Information
Emails requesting login credentials, payment information or other sensitive information should always be treated with caution. By adopting the anti-phishing best practices detailed above, recipients of these emails should be able to determine whether or not they represent a threat, and deal with them accordingly.
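As an added illustration (not part of Paul's email), here is a small Python checker that applies items 1, 4, 5, 6 and 8 of the list above to a constructed sample message; the trusted-domain set and the known-sender map are assumptions standing in for an organisation's own address book.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse
# Assumptions, not from the memo: a set of domains the organisation trusts and a
# name -> domain map built from mail previously received from each contact (item 4).
TRUSTED_DOMAINS = {"example.com", "sharepoint.com", "onedrive.com", "dropbox.com"}
KNOWN_SENDERS = {"paul jones": "example.com"}
RISKY_EXTENSIONS = (".zip", ".exe", ".scr")
URGENT_WORDS = ("urgent", "immediately", "within 24 hours", "suspended")
CREDENTIAL_WORDS = ("password", "login details", "card number", "bank details")

def build_sample():
    """Constructed sample message (not a real email) that shows several indicators."""
    msg = EmailMessage()
    msg["From"] = '"Paul Jones" <paul.jones@example-mail.net>'
    msg["To"] = "staff@example.com"
    msg["Subject"] = "URGENT: confirm your mailbox password today"
    msg.set_content(
        '<p>Hi,</p><p>Please <a href="http://portal.example.com.login-check.net/">'
        "sign in to Office 365</a> and re-enter your password.</p>", subtype="html")
    msg.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip",
                       filename="invoice.zip")
    return msg

def phishing_indicators(msg):
    """Return human-readable findings for one message; an empty list means none fired."""
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    expected = KNOWN_SENDERS.get(name.lower())
    if expected and domain != expected:                   # item 4: sender inconsistency
        findings.append(f"sender '{name}' now uses {domain}, previously {expected}")
    if any(w in msg.get("Subject", "").lower() for w in URGENT_WORDS):   # item 1
        findings.append(f"urgent language in subject: {msg['Subject']!r}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if any(w in text.lower() for w in CREDENTIAL_WORDS):   # item 8: asks for secrets
        findings.append("body asks for credentials or payment details")
    for href in re.findall(r'href="([^"]+)"', text, re.I):  # item 5: real link target
        host = (urlparse(href).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
            findings.append(f"link points to untrusted host {host}")
    for part in msg.iter_attachments():                    # item 6: risky attachments
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXTENSIONS):
            findings.append(f"attachment {fname} has a risky extension")
    return findings

if __name__ == "__main__":
    for f in phishing_indicators(build_sample()):
        print("FLAG:", f)
```

Any message that produces findings is a candidate for the "If In Doubt, Leave It Out" rule and a report to IT, not a replacement for reading it yourself.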

Regards, Paul.

Paul Jones
IT Group Manager