Email is an essential component of any business. As so many depend on email as their primary method of communication, it has become one of the most common pathways used by cyber criminals. Below, we explain common email attack methods and detail the steps you can take to use email safely.
Phishing refers to an attack that uses email or a messaging service (like those on social media sites) to trick you into taking an action, such as clicking on a link or opening an attachment. By falling victim to such an attack, you risk having your highly sensitive information compromised and/or your computer infected. Attackers work hard to make their phishing emails convincing. For example, they are capable of making their email look like it came from someone you know, such as a friend or a trusted company. They will even add logos of your bank or forge the email address so the message appears legitimate.
The attacker’s goal is to harvest your personal information, including passwords, credit card numbers or banking details. To do this, they email you a link that takes you to a website that appears legitimate but may instead launch an attack on your device and infect your system. The website then asks you to provide your account information or personal data. Beware! The site is fake, and any information you enter goes directly to the attacker.
The attacker’s goal is the same: to infect and take control of your device. But instead of a link, the attacker attaches an infected file, such as a Word document. Opening the attachment triggers the attack, potentially giving the attacker control of your system.
Some phishing emails are nothing more than scams by con artists who have moved into the digital world. They try to fool you by saying you won the lottery or pretending to be a charity needing donations. If you respond, they will say they first need payment for their services or access to your bank account, in effect, scamming you out of your money. Scam campaigns coincide with natural disasters and relief efforts as well.
Read on to learn how you can properly identify malicious emails and protect yourself.
- The email creates a sense of urgency, demanding "immediate action" before something bad happens, like closing your account. The attacker wants to rush you into making a mistake without thinking.
- You receive an email with an attachment that you were not expecting or the email entices you to open the attachment.
- Instead of using your name, the email uses a generic salutation like "Dear Customer." Most companies or friends contacting you know your name.
- The email requests highly sensitive information, such as your credit card number or password.
- The email says it comes from an official organization, but has poor grammar or spelling, or uses a personal email address like @gmail.com, @yahoo.com or @hotmail.com.
- The link looks odd or unofficial. To check, hover your mouse cursor over the link until a pop-up shows you where that link really takes you. If the link in the email doesn't match the pop-up destination, don't click it.
- You receive a message from someone you know, but the tone or wording just does not sound like him or her. If you are suspicious, call the sender to verify.
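Several of the warning signs above can also be checked mechanically, for example by a mail filter or a reporting tool. The following is an added example, not part of the original article or of SANS material: it flags those signs in a message, including the hover check that compares a link's visible text with its real destination. The function names, regex patterns and sample message are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREEMAIL = {"gmail.com", "yahoo.com", "hotmail.com"}  # domains named in the list above
CHECKS = {  # constructed patterns, one per warning sign; tune them for real mail
    "urgency": re.compile(r"immediate action|urgent", re.I),
    "generic salutation": re.compile(r"\bdear (customer|user|member)\b", re.I),
    "asks for sensitive data": re.compile(r"password|credit card number", re.I),
}

class LinkCollector(HTMLParser):  # gathers (visible text, href) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(url):  # hostname of a URL or bare "www.site/path" text, minus a leading "www."
    parsed = urlparse(url if "://" in url else "//" + url)
    return re.sub(r"^www\.", "", (parsed.hostname or "").lower())

def link_mismatches(html):  # links whose text names one host but whose href goes elsewhere
    collector = LinkCollector()
    collector.feed(html)
    return [(text, href) for text, href in collector.links
            if re.match(r"(https?://|www\.)", text, re.I) and host(text) != host(href)]

def phishing_indicators(from_header, html):  # names of the warning signs this message shows
    text = re.sub(r"<[^>]+>", " ", html)
    found = [name for name, pattern in CHECKS.items() if pattern.search(text)]
    if parseaddr(from_header)[1].rpartition("@")[2].lower() in FREEMAIL:
        found.append("personal email domain")
    if link_mismatches(html):
        found.append("link text does not match destination")
    return found

SAMPLE_FROM = '"MyBank Support" <mybank.support@gmail.com>'  # constructed sample message
SAMPLE_HTML = ('<p>Dear Customer, immediate action is required. Confirm your password at '
               '<a href="http://account-check.example.net/login">www.mybank.example</a></p>')
```

A link whose visible text is not a URL (for example "Click here") cannot be compared this way, so it is not flagged; the personal-domain sign only matters when the message claims to come from an organization.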
Ultimately, common sense is your best defense. If you believe an email or message is a phishing attack, simply delete it. This simple tactic may save you time and money in the long run.
*Compiled from SANS.org