On Wednesday 8th January 2020, the Central Bank of Malta released a warning about a phishing attempt targeting the personal information of unsuspecting users. It seems that cyber criminals are back from their holiday vacation, and this first reported attack in Malta shows what we can expect for 2020. Here at D4n6, we would like to give you a glimpse of what to expect from phishing in 2020 and how to keep your own and your company’s information from falling into criminals’ hands.
Phishing is a form of attack in which criminals, hiding behind a legitimate-looking alias, trick recipients via email or carefully crafted websites into willingly handing over information. Email is the primary channel for distributing phishing attempts, typically followed by redirection to a fake website or the unnoticed installation of a Remote Access Tool (RAT) when the email’s attachment is opened.
In 2019, phishing held the top spot among cyber criminals’ methods and is expected to keep topping the charts in 2020. Nearly 80% of all big corporate “hacks” that made the news started when an unsuspecting employee opened a phishing email.
You have probably already received some poorly made, unsophisticated phishing emails; just check the “Spam” folder in Gmail or your Outlook client. They share common characteristics that make them easy to identify.
How to identify a phishing email and what to do?
- They usually stress the urgency of the matter, using phrases like “you will be terminated” or “your account will be deleted” and setting a deadline for your response.
- Check the sender! It may look and feel like it is coming from a legitimate source, but if you hover check (move the mouse cursor over the sender’s name to view the underlying email address) you may notice that something is off. For example, official PayPal support should write from email@example.com, whereas a phishing scammer would create an address like firstname.lastname@example.org or email@example.com, which are not official addresses of the business entity.
- They usually contain inconsistent sentences and grammatical errors. Check that every detail adds up: the wording, logo and text alignment should look the way they normally do. This is because phishing emails are usually low-effort copies of the legitimate service’s emails.
- Check links in the email that redirect to external sites before clicking. Hover check each link to make sure it points to the URL you expect. As with the sender address, if something is off, for example the URL does not match the service you expect to be redirected to, or it points to a bare server IP address (e.g. http://22.214.171.124/ppau/ ), then do not open it.
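The four checks above can be run mechanically over a raw message before a human ever hovers over anything. The script below is an added example, not code from this article or from D4n6: it parses an email with Python’s standard library and reports the sender/display-name mismatch, a Reply-To pointing at another domain, urgency phrases, links whose host is a bare IP address, and links whose displayed URL differs from the real target. The two sample messages, their domains and addresses are constructed for the example; the IP-address URL is the one quoted in the article.

```python
"""Heuristic phishing triage over a raw email message.

Added example: not code from the article or from D4n6. The sample messages,
their domains and addresses are constructed; the IP-address URL is the one
quoted in the article.
"""
import ipaddress
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

# Phrases that pressure the reader into acting quickly (constructed list).
URGENCY_PHRASES = ("will be terminated", "will be deleted", "within 24 hours")
# Anchor tags in an HTML body: capture the real target and the displayed text.
HREF_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)
URL_RE = re.compile(r"https?://[^\s<]+")


def host_is_ip_literal(url):
    """True when the link host is a bare IP address rather than a name."""
    host = urlparse(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host):
    """Crude 'last two labels' domain (no public-suffix list, so co.uk etc. are not handled)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def analyse(raw):
    """Return (category, detail) findings for the checks the article describes."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    display_name, sender = parseaddr(str(msg.get("From", "")))
    sender_domain = sender.rpartition("@")[2].lower()

    # Hover check 1: a Reply-To that routes answers to a different domain.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and reply_to.rpartition("@")[2].lower() != sender_domain:
        findings.append(("reply_to_mismatch", reply_to))

    # Hover check 2: the display name claims a brand the sending domain does not contain.
    brand = display_name.split()[0].lower() if display_name else ""
    if brand and brand not in sender_domain:
        findings.append(("sender_brand_mismatch", f"{display_name} <{sender}>"))

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""

    # Urgency cues such as "your account will be deleted".
    for phrase in URGENCY_PHRASES:
        if phrase in text.lower():
            findings.append(("urgency", phrase))

    # Link checks: raw IP targets, and displayed URL differing from the real target.
    for href, anchor in HREF_RE.findall(text):
        if host_is_ip_literal(href):
            findings.append(("ip_literal_link", href))
        shown = URL_RE.search(anchor)
        if shown:
            shown_host = urlparse(shown.group()).hostname or ""
            real_host = urlparse(href).hostname or ""
            if registrable_domain(shown_host) != registrable_domain(real_host):
                findings.append(("link_text_mismatch", f"{shown.group()} -> {href}"))
    return findings


# Constructed sample resembling the PayPal lure described in the article.
SAMPLE_PHISH = b"""From: "PayPal Support" <support@paypa1-secure.example>
Reply-To: collect@mailbox-drop.example
To: victim@example.org
Subject: Action required
Content-Type: text/html; charset=utf-8

<html><body><p>Dear customer, your account will be deleted within 24 hours
unless you verify it now.</p>
<p><a href="http://22.214.171.124/ppau/">https://www.paypal.com/login</a></p>
</body></html>
"""

# Constructed benign message: brand matches domain, link text matches target.
SAMPLE_LEGIT = b"""From: "Example Shop" <news@example.com>
To: customer@example.org
Subject: Your monthly newsletter
Content-Type: text/html; charset=utf-8

<html><body><p>Hello, here is what is new this month.</p>
<p><a href="https://www.example.com/news">https://www.example.com/news</a></p>
</body></html>
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, analyse(raw))
```

Run it on a saved `.eml` file by passing the file’s bytes to `analyse()`. The findings are triage hints, not a verdict: the brand check only compares the first word of the display name against the sending domain, and the domain comparison ignores public suffixes, so a mail gateway would pair these heuristics with SPF/DKIM/DMARC results before quarantining anything.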
A successful phishing attempt may let the attacker deliver viruses or other malware onto your system, or steal data and login credentials that criminals then use for further malicious acts.
Not sure how phishing may affect you or your organization? We have a solution for you.
D4n6 can simulate phishing attacks on your employees in a controlled environment using the InfoSec platform. We can target any number of individuals with carefully crafted, relevant phishing emails and track the results, giving you a full picture of your company’s resilience against cyber criminals. InfoSec also provides learning modules, so you can assign detailed video training material to employees who failed the test and improve the company’s score continuously.
Contact us for details on phishing simulations, and don’t wait until it’s too late: you could be the next target.