Catching a Phish
Phishing is a form of social engineering in which legitimate-looking emails are sent to trick recipients into handing over sensitive information, usually so that the attacker can gain access to systems or commit identity theft. This article discusses phishing in more detail, outlines some common characteristics of a phishing email and explains what to do if you receive one.
A common component of a phishing email is the presence of one or more hyperlinks in the body of the message. The email is written to fool you into clicking the link, which takes you to a legitimate-looking website where you may be asked to part with sensitive company or personal information. Alternatively, the website may attempt to download malicious software (malware) onto your computer as soon as the page loads.
Early phishing emails were simple to identify: they were basic, full of irrelevant content and contained many grammatical and spelling errors. However, many phishing emails sent today are of the ‘spear phishing’ variety, targeted at you individually. Spear phishing emails are difficult to catch because the content is contextually relevant, referring to organizations you actually deal with, and so appears authentic.
Characteristics of a Phishing Email
Phishing emails commonly have one or more of the following characteristics:
- Sent from an unknown or untrusted sender
- Generically addressed (e.g. Dear valued customer…), rather than addressing you by name
- Unexpected or unsolicited content
- Contextually relevant content from unknown senders
- Details that appear to add legitimacy (e.g. an account number) but that would not survive verification
- Threatening action (e.g. your account will be disabled if you don’t do this…)
- Displayed link text that does not match the underlying hyperlink
- Expressions of urgency or immediate requests for action
- Requests for sensitive company or personal information
- Requests to upload or download data
- Spelling or grammatical errors
A well-constructed, targeted phishing email is very difficult to spot, so you must be alert and aware at all times.
Here is an example phishing email from a fictitious bank that contains many of the characteristics mentioned above. The telling characteristics are discussed in detail below.
- The sender sounds official, but how can you be sure? The From address of an email is not verified by default, so a message can appear to come from any address and it is easy to fake one that looks official.
- Notice the sense of urgency in the subject: apparently this is a final reminder. Do you remember receiving any previous emails on this subject?
- The greeting is generic and impersonal for such an important matter. Why doesn’t the bank address you by name?
- The statement that you have not logged in for a while could well be true, which lends the email a legitimate appearance. Do not be fooled by this tactic.
- “We must to suspend your online account”: notice the grammatical error.
- “Facilty” is a misspelling of “facility”, repeated throughout the email.
- The email requests sensitive information. Reputable banks and financial institutions will never ask for sensitive information by email.
- The threat of account suspension adds weight to the sense of urgency and importance.
- The URL shown in the email appears legitimate, but when you hover over it you see that the actual hyperlink ends in ‘royaibank.com’, not ‘royalbank.com’ as displayed: the letter l has been swapped for an i, which is easy to miss in many fonts. The visible text of a link and its destination are set independently, so always check the destination before clicking.
- Another error: ‘convenience’ where ‘inconvenience’ was clearly meant.
- Stating that the email comes from the security team is yet another tactic to appear legitimate.
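The link mismatch described in the ninth point above (and in the characteristics list earlier) is mechanical: in HTML email the visible link text and the href are separate attributes, so the comparison that hovering performs by hand can be done automatically. The following Python script is an added example and is not part of the original article. It extracts every anchor from an HTML body, compares the host named in the visible text with the host the href actually points to, and flags the pair when their registrable domains differ. The sample email body is constructed for this example, modelled on the fictitious bank message described above; the hosts in it are illustrative only, and the two-label “registrable domain” heuristic is an assumption (real tooling should use the Public Suffix List, because the heuristic mis-handles suffixes such as .co.uk).

```python
"""Flag HTML email links whose visible text names one host while the
href points at another (e.g. text says royalbank.com, link goes to royaibank.com)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Something that looks like a hostname inside the visible link text, with or
# without a scheme: "www.royalbank.com" or "https://royalbank.com/login".
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:          # only text inside an open <a href=...>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a web link, or None for mailto:/tel:/javascript: links."""
    parsed = urlparse(url)
    if parsed.scheme and parsed.scheme not in ("http", "https"):
        return None
    if not parsed.scheme:                   # bare "www.example.com/path" href
        parsed = urlparse("http://" + url)
    host = parsed.hostname
    return host.lower() if host else None


def site_key(host):
    """Naive registrable-domain key: the last two labels (www.royalbank.com -> royalbank.com).
    Assumption for this example; production code should consult the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def find_mismatched_links(html):
    """Return (displayed_host, actual_host, href) for each link whose visible text
    names a host on a different registrable domain than the href's host."""
    collector = LinkCollector()
    collector.feed(html)
    mismatches = []
    for href, text in collector.links:
        actual = host_of(href)
        shown = HOST_RE.search(text)
        if actual is None or shown is None:
            # Non-web link, or text such as "click here" that names no host:
            # nothing to compare, so a human still has to hover over it.
            continue
        displayed = shown.group(1).lower()
        if site_key(displayed) != site_key(actual):
            mismatches.append((displayed, actual, href))
    return mismatches


# Constructed sample body modelled on the article's fictitious bank email.
# The hosts are illustrative and not real services.
SAMPLE_EMAIL = """
<p>Dear valued customer,</p>
<p>We must to suspend your online account unless you confirm your details at
<a href="http://www.royaibank.com/verify">https://www.royalbank.com/facility/login</a>.</p>
<p>For help, see <a href="https://online.royalbank.com/help">www.royalbank.com</a>
or <a href="https://www.royaibank.com/verify">click here</a>.</p>
<p>Contact <a href="mailto:security@royalbank.com">security@royalbank.com</a>.</p>
"""

if __name__ == "__main__":
    for displayed, actual, href in find_mismatched_links(SAMPLE_EMAIL):
        print(f"MISMATCH: text shows {displayed!r} but link goes to {actual!r} ({href})")
```

Only the first link is reported: the second points at a subdomain of the displayed domain, the third has no host in its text, and the fourth is a mailto: link. Two of those are exactly the cases an automated check cannot settle, which is why the advice to hover over every link still stands.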
For more examples of phishing emails, take the quiz at http://www.sonicwall.com/phishing/. See if you can get the test 100% correct; not many people do, which illustrates how convincing some phishing emails can be.
Receiving a Phishing Email
Phishing emails are so common that you will almost certainly receive one at some point. Treat any email asking for sensitive company or personal information as suspicious. If you suspect you have received a phishing email:
- Do not click on any links, open any attachments or reply to the email
- Try to verify the authenticity of the email by phoning the sender, using a phone number you already have or one taken from the organization’s official website, never one given in the email itself
- If the email requests sensitive company information, report it to your IT or security team immediately
Lastly, if you think you may have fallen victim to a phishing attempt and provided sensitive information, report it immediately; if you entered a password, change it on the genuine site (and anywhere else you reuse it) without delay.