A successful phishing attack can provide malicious actors with vital information, financial rewards and a foothold in corporate networks. Even worse, these cybercriminals gain access to a wealth of data that can be leveraged to design and launch more cyberattacks aimed at higher valued contacts, assets and networks.
Today’s phishers are technologically adept — they have the tools and expertise to launch diverse and sophisticated phishing attacks that are largely successful because they seem authentic. Examples of cleverly disguised phishing scams can range from spear phishing to business email compromise to deep fake voice impersonations.
Regardless of the technique or medium used in the phishing scam, most phishing attempts have the same common denominators that your employees should be able to spot. Let’s examine some red flags that answer the question: What is a Common Indicator of a Phishing Attempt?
Anti-Phishing Education: Could Your Employees Recognize the Signs?
Everyone gets phishing emails. But not everyone falls for them.
Many employees tend to overestimate their ability to distinguish phishing emails from genuine ones. To make matters worse, many phishing scams are purposely designed to “social engineer” emotions that trigger people to act, such as fear, sympathy and altruism.
The best defense against phishing is an informed workforce. Here are seven elements most phishing emails share, along with examples of how these tactics have worked.
1. Incorrect Email Address
Be on the lookout for incorrect or similar-looking email addresses or email domains. It is quite easy for a cybercriminal to create a fake email domain that resembles a real organization. The fake domains are often created by substituting letters to create a domain that resembles that of a real organization name. By substituting the letters “r” and “n” for the letter “m,” a fake domain can easily resemble the real domain name (i.e., email@example.com).
Another way cybercriminals create fake domains is by including a portion of a real organization’s name in the fake domain name. For example, the email could be sent from firstname.lastname@example.org.
A recipient might see the word “Microsoft” in the address and assume this is an email from the real organization. So always check the email address of a message before you reply, click a link or download an attachment.
2. Suspicious Subject Lines
Beware of subject lines that generically reference the use of online services and social media. Cybercriminals capitalize on the heavy reliance of individuals and corporate users on virtual communication channels to pull off their scam. While some of the more successful subject lines appeal to a sense of urgency or fear, others indicate that you simply need to take some kind of action.
Such subject lines are often indicative of a phishing attempt. In the U.S., phishing emails sent with the following subject lines received the most clicks:
- Email Account Updates
- Remote Working Satisfaction Survey
- Acknowledge Your Appraisal
- Important: Dress Code Changes
- Password Check Required Immediately
- Vacation Policy Update
And globally, the most common subject lines used in phishing emails during the third quarter of 2021 were:
- Twitter: Potential Twitter Account Compromise
- Facebook: Your Facebook access has been temporarily disabled for identity check
- HR: Remote Working Satisfaction Survey
- IT: Upcoming Changes
- IT: Odd Emails from your Account
3. Multiple Grammatical and Spelling Errors
Everyone makes grammatical or spelling errors from time to time, but phishing emails sent in bulk can be riddled with them. If an email contains spelling and grammatical inconsistencies in addition to other red flags listed here, it’s most likely a phishing attempt. One caveat: today’s phishers are less prone to such mistakes, so it’s wise to consider the clumsy use of language, grammatical errors and poor spelling along with other common indicators of a phishing attempt. In other words, poor grammar may be a sign, but the absence of it doesn’t mean you’re in the clear.
4. Unusual Payment Requests
Most employees will balk at an email containing a compelling story that ends with the sender requesting payment for bogus reasons. But what happens when the payment request is for services or items your business typically purchases, accompanied by an official-looking invoice? Educate your employees that a phishing email may even appear to come from a frequently used vendor, well-known businesses or even government institutions. According to Check Point, Microsoft is the most impersonated brand globally when it comes to brand phishing attempts.
In general, a good rule of thumb is to be highly suspicious of emails from any source that directly asks you to share personal information, such as bank account information, social security numbers, login credentials, mother’s maiden name, etc. Always contact the organization directly to confirm the legitimacy of any request.
5. Generic Greetings
Less sophisticated phishing emails often begin with a generic greeting such as Hi, Hello, Dear Customer, Hi User, etc. Such emails are mass distributed and typically come with broad-sounding greetings because the phisher is unwilling to go through the hassle of the research required in sending individually targeted emails. Most legitimate companies personalize their emails. Bottom line: consider generic greetings in today’s cyberspace a red flag.
6. Manipulative Language
Malicious actors use emotionally charged verbiage to persuade targets to do what they want. For instance, phishers may imitate government and law enforcement agencies to induce fear and get victims to act before thinking. This fear prevents victims from taking a close look at the phishing email to confirm its authenticity.
Phishing scams often include phrases such as “get information here,” “click now” and “expires in 4 hours.” In the right context and setting, these compelling calls to action are hard to ignore. Organizations can organize anti-phishing education to help employees identify and thwart phishing emails with such a strong emotional pull.
7. Unusual Attachments
Attachments are used for distributing malware and hiding content from email security solutions. Emails that lack information in the message body and just include an attachment or claim to include information in an attachment that could easily have been included in the message body are common indicators of a phishing attempt. The rule of thumb is to never open an unsolicited attachment in an email.
One threat report found that the most common types of malicious files attached to phishing emails were:
- Windows executables
- Script files
- Office documents
- Compressed archives
- PDF documents
- Java files
- Batch files
- Android executables
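The two attachment indicators described above (a message body that defers everything to the attachment, and attachment types from the list) can be checked mechanically on a saved .eml file. The following is an added example, not code from the original article; the sample message, the sender address and the extension-to-category mapping are constructed for illustration, using only the Python standard library.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Extension groups mirroring the attachment categories listed above
# (this mapping is constructed for the example and is not exhaustive).
RISKY_EXTENSIONS = {
    ".exe": "Windows executable", ".scr": "Windows executable",
    ".js": "script file", ".vbs": "script file", ".ps1": "script file",
    ".docm": "Office document (macro)", ".xlsm": "Office document (macro)",
    ".zip": "compressed archive", ".7z": "compressed archive", ".rar": "compressed archive",
    ".pdf": "PDF document", ".jar": "Java file", ".bat": "batch file",
    ".apk": "Android executable",
}

def build_sample(body_text: str, filename: str) -> str:
    """Construct a sample message (not a real capture) so the triage runs offline."""
    m = EmailMessage()
    m["From"] = "accounts@acmecorp-invoices.net"  # constructed sender address
    m["To"] = "bob@acmecorp.com"                  # constructed recipient
    m["Subject"] = "Invoice attached"
    m.set_content(body_text)
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

def triage_attachments(raw_eml: str) -> dict:
    """Flag an empty body plus attachment, and attachments of the risky types above."""
    msg = message_from_string(raw_eml, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = body.get_content().strip() if body else ""
    findings, count = [], 0
    for part in msg.iter_attachments():
        count += 1
        name = (part.get_filename() or "").lower()
        # endswith() also catches double extensions such as invoice.pdf.exe
        for ext, kind in RISKY_EXTENSIONS.items():
            if name.endswith(ext):
                findings.append((name, kind))
                break
    return {
        "empty_body": not body_text,
        "attachments": count,
        "risky_attachments": findings,
        "suspicious": bool(findings) or (count > 0 and not body_text),
    }
```

Feeding a real .eml into triage_attachments() works the same way as the constructed sample; the result is a triage hint for a human reviewer, not a verdict.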
8. Unexpected Communication
Most organizations don’t request personal information or sensitive credentials via email. This is due to the insecure nature of this communication channel. As such, any emails from a supervisor, manager or colleague urgently requesting sensitive information could be an attempt to steal data.
Of course, suddenly receiving an urgent email from an unknown coworker whom you’ve never interacted with should raise some eyebrows. But even an email from a boss or colleague whom you regularly interact with that uses unexpected language should be viewed with suspicion. Humans recognize and relate to one another through consistent linguistic patterns. If you receive an email from a colleague that sounds strange, take notice.
Always pay close attention to domains and sub-domains and check for similar-looking characters or misspellings in URLs. Before clicking on an embedded link, hover the mouse cursor over the link to check for hidden URLs.
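The lookalike-domain tricks from indicator 1 (“rn” standing in for “m”, a real brand name embedded in an unrelated domain) and the URL check just described can be automated against a list of domains the organization trusts. This is an added example rather than code from the article; the trusted-domain set, the confusable pairs and the sample addresses are constructed for illustration, and the registrable-domain extraction is a deliberate simplification that ignores the public suffix list.

```python
from urllib.parse import urlparse

# Domains the organization trusts (constructed list for this example).
TRUSTED_DOMAINS = {"microsoft.com", "acmecorp.com"}

# Confusable substitutions: the "rn" for "m" trick from the article plus a few common swaps.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e")]

def normalize(domain: str) -> str:
    """Collapse confusable pairs so 'rnicrosoft.com' compares equal to 'microsoft.com'."""
    d = domain.lower().strip(".")
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d

def registrable(domain: str) -> str:
    """Crude registrable-domain extraction: the last two labels (no public suffix list)."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]

def classify_domain(domain: str) -> str:
    """Return 'trusted', 'lookalike', 'brand-embedded' or 'unknown' for a sender or link host."""
    reg = registrable(domain)
    if reg in TRUSTED_DOMAINS:
        return "trusted"                      # e.g. login.microsoft.com
    if normalize(reg) in TRUSTED_DOMAINS:
        return "lookalike"                    # e.g. rnicrosoft.com
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in domain.lower():
            return "brand-embedded"           # e.g. microsoft.com.evil.net (hypothetical)
    return "unknown"

def check_sender(address: str) -> str:
    """Classify the domain part of a From: address."""
    return classify_domain(address.rsplit("@", 1)[-1])

def check_link(url: str) -> str:
    """Classify the host of an embedded link, as a hover-check would reveal it."""
    return classify_domain(urlparse(url).hostname or "")
```

The heuristics are intentionally strict in the lookalike direction: a hit is a prompt to verify the sender through a known-good channel, not a confirmed attack.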
How to Prevent Email Phishing Attacks
Phishing attacks rely on highly powerful social engineering techniques to create emotional responses that trigger targets to impulsively react and succumb to requests. This human factor is a powerful reason why some phishing scams work. It’s also a reason why anti-phishing education is your company’s best bet to avoid becoming a cyberattack statistic. The first step? Ensuring employees understand how to answer this question: What is a common indicator of a phishing attempt?
To increase your chances of avoiding a catastrophic phishing scam, ongoing security awareness training can bolster your company’s cybersecurity plan. At Warren Averett Technology Group, we help companies design and structure security awareness training that is comprehensive and focused on simulating real-world scenarios. We can also help you understand more about how to secure your IT environment by scheduling a cybersecurity consultation with us today.