Phishing attacks through Emails

The profile of the increasingly sophisticated activities of cyber-criminals has been raised across the world due to the chaos brought by the recent WannaCry ransomware attacks. These viruses are spread through attacking vulnerable public systems, which when created, infect further systems.

Despite the vast publicity of the dangers, 1 in 10 individuals will still fall victim to these criminals’ activities. SME’s appear to be the main target due to criminals believing the chances of defeating security and gaining access is higher. Once criminals have gained access, they are able to attack larger, more valuable organisations that have a relationship with the SME, through the use of email accounts.

The Anatomy

Due to social engineering, many of these individuals will discover information credible to the recipient, such as a manager, colleague or supplier. Distorted emails are then produced that closely resemble that of a known individuals email address. An example includes john.smith@themotorconnpany.co.uk, which when briskly glanced at can resemble john.smith@themotorcompany.co.uk. Due to their similarity, many will beat email security and end up in the recipient’s inbox. By clicking, downloading an attachment or responding to the email, the toxicity of its content will infect the device and in some cases can spread across the entire system. This results in granting the criminal access to the organisations data. If data is unavailable to steal to sell, then criminals may decide to encrypt data, and hold the organisation ransom.

What to look for:

The sender – Ask yourself if you know the person and if the email address used is their usual address.

The subject – Emails should always be given a meaningful subject, and when receiving a reply, you should always expect to receive the same.

Content – Criminals use emotional language within their emails, often delivered with a sense of urgency, with many asking for actions to be completed.  For example, ensuring an individual responds by unlocking a suspended account or to visit a website.

Links – Clicking onto links within emails can redirect you to malicious websites that impersonate a genuine website.

Attachments – Ask yourself if you recognise the attachment format, and if so what to do with it. Attachments can like links, transmit viruses.

The Lure

During the induction process, many organisations will include security training as part of it. This will often include awareness of phishing attacks and what to look out for. However, even after regular refresher sessions, individuals can become complacent. The problem is also intensified by criminals constantly changing their tactics and methods.

To ensure they have all the necessary details needed to carry out an attack, criminals will engage in social engineering. A practice that consists of searching through social media channels or an organisations website. This way they are able to find the information needed to create closely imitated emails from trusted sources.

Although many techniques in the past appear to have been obvious and full of clumsy mistakes, the rewards have enticed more sophisticated criminals. These individuals pose a real threat, and it is their activity that creates the growing population of phishing.

Phishing statistics  

  • 250% increase in the number of phishing sites from October 2015 to March 2016. 
  • 91% of hacking attacks begin with an email. 
  • 55% increase of phishing campaigns targeting employees. 
  • 34.9% of all phishing attacks were directed at organisations in the financial industry.

What actions should you take?

It is crucial that phishing attacks are explained in detail to employees so they are aware of what to expect. Regular training is likely to help reduce the risk of an organisation being attacked. It is designed to engage employees in the security process and helps direct the necessary education.

Working alongside an organisations management team, some specialist service providers are conducting imitation phishing attacks on workforces to identify which employees need more training. The methods they use are similar to that of methods used in a genuine attack, and the recipient will be unaware that they are being tested. During the test, the way in the employee responds is recorded, as well as their actions; whether they clicked on links, or even just simply opening the email!

Identifying service providers who offer not only real life practices, but also those that offer training services can help an organisation improve its security and resilience.

For more information on Phishing Attacks or how they might affect your business, please contact Jonathan Crook on jonathan.crook@myersclark.co.uk or call 01923 224411.