25 July 2023  —  Acronis

Email Phishing Unveiled: Identifying and Preventing Deceptive Attacks


An email phishing attack is a type of online scam in which criminals impersonate organizations via email, advertisement, or text message in order to steal important and sensitive data. Phishing messages commonly have titles that grab the user's attention and relate to their real-life activities. In their hurry to respond, users overlook warning signs such as grammatical errors in the title or strange email addresses.

Usually the email contains a link that appears to lead to the company's website, where you are asked to fill in your personal information. The website is a clever fake, and the information you provide goes straight to the criminals. That is how phishing attacks work: their purpose is to steal your sensitive information and use it against you.

If you have experienced this type of cyberattack, you know the bad feeling. If you have not yet been the target of a phishing email, it is only a matter of time before you face one. The best thing to do is to deploy strong cyber security software that prevents and blocks these kinds of schemes, so that you are safeguarded and can feel confident about not becoming a victim of these cyber criminals.

The term "phishing" is a spin on the word fishing, because criminals are dangling a fake lure, waiting for users to bite by providing the information the criminals have requested, such as financial information, credit card numbers, account numbers, passwords, and other valuable information.

Types of Email Attacks and the Damage they can cause

The majority of users think they can identify a phishing attack before falling for one; here's why you may be mistaken. We will look at these phishing schemes and the destructive effect they can have. Phishing has evolved into many different tactics, and as digital technologies progress, this kind of attack continues to find users' weak spots. Now let's take a close look at the most common and widespread phishing attack types.

Phishing emails are the most widely known form of phishing. This kind of cyberattack aims to steal your sensitive information via an email that pretends to be from a legitimate organization, such as a bank or a government organization.

The main purpose is to get you to open the email and enter your personal and financial information or your login credentials, which the attackers then steal. This can lead to serious consequences for the person who gives up the information, and there is no way back.

In conclusion, these email threats are very dangerous and can cause a great deal of damage and headaches for users. The best prevention is not to answer spam and suspicious emails.

What is an example of a phishing email?

Email phishing is the most common type of phishing attack. Hackers send emails to as many users as they can reach. The email usually tricks users by informing them that their account has been compromised and that they have to respond immediately by clicking on a provided link. The attackers' purpose is to gain access to users' sensitive and confidential information and other accounts.

These attacks are usually easy to spot, as the language in the email often contains spelling, grammar, and punctuation errors. In some cases they are difficult to recognize as phishing attempts, especially when the language and grammar are carefully crafted and the messages look like legitimate emails. Closely checking the email source and the link you are being directed to for suspicious language can reveal the red flags and clues as to whether the source is legitimate.

Another type of email phishing attack is email bombing. This is a tactic cyber criminals use once an account has been compromised (for example, when the perpetrator has acquired your login details during a data breach): the victim's inbox is flooded with countless unsolicited emails that rapidly fill it up. Often the flood masks the real attack, such as confirmation emails for financial transactions made using your account.


Phishing Attacks

Have you ever received suspicious and fraudulent emails on your email account? If so, you may have been phished, because every time you set up an online account, it's likely that you are providing some form of personal information. And because sharing personal information online is so mainstream, cybercriminals want to take advantage of it with phishing attacks, where scammers try to get you to reveal sensitive information.

There are different types of phishing attacks and techniques to watch out for. To make sure you are prepared for these phishing attempts and know enough about your information security, read through this helpful guide.

Types of phishing

  1. Email phishing: One of the most common phishing attacks is email phishing. This is when a cyber criminal sends you an email pretending to be someone else in the hope of receiving the information they have requested, which can cause you serious problems like account identity theft. Once the attacker receives the needed information, it can be used for criminal activities.
  2. Malware phishing: Using the same techniques as standard email phishing, this kind of attack encourages targets to download a file or malicious attachment, or to click on a link sent in the email. Doing so installs malware on your computer or mobile device, where it remains hidden and is very hard to find and delete. This is one of the most aggressive and pervasive forms of phishing.
  3. Spear phishing attacks: A spear phishing attack is a highly targeted and well-researched kind of email attack, generally aimed at senior business executives, famous public personas, and other lucrative targets.
  4. Smishing: In this case, text messages deliver malicious links to smartphone users, often disguised as prize notifications and account notices.
  5. Search engine phishing websites: In this kind of attack, a phishing website is set up to collect your personal information and valuable details about direct payments. It pretends to be a legitimate website but is in fact malicious. These fake websites reach a larger audience not only through organic traffic but also through paid advertising for popular search terms.
  6. Voice phishing: This type of phishing attack involves a malicious caller pretending to be from a technical support team, a government agency, or another organization in order to obtain personal information, such as banking or credit card details.
  7. Clone phishing: In this kind of attack, a cyber criminal compromises a person's email account, takes an existing email, swaps a legitimate link, attachment, or other element for a malicious one, and sends it to the person's contacts with the sole purpose of spreading the infection.
  8. Business email compromise phishing: Business email compromise uses a phony email pretending to be from someone associated with the target's company. In these cases the sender requests urgent action, such as wiring money or other financial operations.
  9. Malvertising: This type of phishing uses normal-looking digital ads with malicious code embedded in them.

How a phishing attack works

Every spear phishing attack has the purpose of tricking a user into giving away personal details or other confidential information, and one of the most common methods of performing this scam is email. Spear phishing aims to compromise, steal, or obtain sensitive personal information.

Attackers use clever strategies to trick users. Afterwards, cybercriminals use this information for harmful and criminal activities. Every user should therefore pay attention before opening any email to make sure it is safe to open.

Phishing defenses: why you need a multi-layered approach

A layered security approach aims to secure and protect each defensive component exposed to suspicious activity from a hacker, malware, or ransomware. Multi-layered security approaches also aim to secure these critical components (networks, devices, and so on) and to provide backups that prevent any gaps or flaws.

This approach uses various security components, collaboration tools, and controls to defend the vulnerabilities of your devices. These approaches form a defensive barrier around your organization: the stronger these barriers are, the stronger your overall IT security will be.

How to recognize a phishing email

Email phishing is one of the most frequent forms of cybercrime, and despite how much we think we know about the scams, they still succeed in catching us too often. According to recent research, more than 81% of organizations fell into the phishing trap. This leads to the conclusion that phishing is among the biggest cyber security risks faced by organizations.

Fortunately, this can be a simple task if we know how to identify phishing emails. But how do you spot a scam email? Let's talk about some of the most obvious signs that help us spot these phishing emails.

One of the most common and obvious signs of a phishing or malicious email is that the message is sent from a public domain: no legitimate organization will send emails from an address that ends in "@gmail.com", because every organization has its own email server, domain name, and email accounts.

Another thing to look for is a misspelled domain name, which can indicate a phishing scam and which, of course, complicates our previous clue. The problem here is that anyone can buy a domain name from a registrar. Despite the fact that every name must be unique, there are plenty of ways to create addresses that are hard to distinguish from legitimate ones.

Another clue to look for is a poorly written email. You can often tell that an email is a scam when it contains grammatical and spelling errors. It is everybody's responsibility to look for the clues that indicate a phishing email. Paying attention here is the best thing you can do to maintain proper email security for your organization.

Another clue that indicates a phishing email is that it contains suspicious attachments or links. No matter how phishing emails are delivered, they all contain a payload. This will be either an infected attachment that you are supposed to download or a link to a bogus website. The major purpose of all phishing email attacks is to capture sensitive information, such as login credentials, credit card details, or any other important information.

The next very suspicious sign of a phishing scam is a message that creates a sense of urgency. The manufactured sense of urgency is equally effective in workplace scams. Criminals know very well that we are likely to drop everything we are dealing with at the moment if our boss emails us with vital information or a request, especially when other senior colleagues are waiting on us.

Case study: how multi-layered phishing mitigations defended against Dridex malware

Dridex is a malware program that targets its victims' financial and banking information, with the sole purpose of stealing account credentials to gain access to their financial accounts, sensitive data, and assets.

This software was created to cause harm to its victims, so we can confidently call it deceptive phishing software. Dridex is well known as a Trojan, which hides destructive malicious code inside seemingly harmless data. Here is our guidance for better protection against Dridex malware.

  1. Make it difficult for cyber attackers to reach your users. You cannot afford for your email addresses to become a resource for cyber criminals. You must make it as hard as possible for emails from your domains to be spoofed by employing anti-spoofing controls like DMARC, SPF, and DKIM.
  2. Help users identify and report suspected phishing attacks and emails. Carefully consider your approach to phishing prevention training. Your users must be familiar with the forms of phishing simulations emphasized in phishing defense.
  3. Protect your organization from the effects of undetected phishing emails. Malware is always hidden in phishing emails or on websites that link to them. Well-configured devices and good endpoint defenses can stop malware from installing, even if the email is clicked. In the case of malware, the impact on your wider system will depend on how your system is set up to respond to malware, phishing, and malicious attachments.
  4. Respond quickly to unexpected events and incidents. All organizations will face and experience security incidents at some point. But you must be in a position to detect them quickly and respond properly. Knowing about an incident sooner rather than later allows you to limit the harm it can cause.

Some of these suggested mitigations may not be applicable to the context of your organization, but try to implement at least a few of them and to address at least some of the mitigations within each of the layers.

How to prevent phishing

The best way to protect yourself or your business from phishing scams is to educate yourself or your employees about how these scams work and what to look for. Regular staff awareness will ensure that employees know the red flags to look for and what they need to do in case of phishing attempts. It's only by reinforcing advice on avoiding scams that you and your team can develop enough knowledge to detect signs of phishing emails and attacks.

Digital payment-based scams

Unfortunately, the constantly increasing number of digital payments over the last decade has also attracted fraudsters, whose main purpose is to gain profits from their victims. As providers adopt and scale digital payment capabilities to match demand, it is critical to prevent fraud and reduce losses while minimizing customer friction.

Luckily, providers have a good grasp of the practices and tactics that criminals use nowadays. These tactics include several key areas:

Peer-to-peer fraud.

This kind of fraud, involving the popular peer-to-peer payment apps, often occurs through social engineering, spam, and scams. Some scams include fake merchandise and fake charity donations, as well as account takeovers and identity theft, which aim to obtain specific personal information through the dark web or malicious attachments and bots. Furthermore, fraudsters use the stolen identity information to apply for new P2P and other digital financial accounts, then use these accounts for various purchases.

Authorized push payment fraud.

This is another fraudulent technique that occurs when scammers pretend to be legitimate government organizations or businesses with the main purpose of tricking users into transferring funds to them through various types of digital payment methods.

Friendly fraud

Another fraud technique involves a user disputing a valid transaction, or the use of their mobile phones, apps, and login credentials by friends and family members without the authorized user's permission. Because of this, security features cannot stop this type of fraud. In conclusion, the key to good security and prevention against these fraud types is using a cloud platform and intelligent authentication.

How to detect and prevent email attacks

Nowadays it is very difficult to detect phishing attacks, because criminals have a variety of techniques and methods to disguise their phishing attempts as real emails from well-known companies. Like technology, cybercriminals evolve constantly. However, there are several clues that indicate a message could be a phishing attempt. Watch for the following in phishing messages:

  1. The message uses subdomains or misspelled URLs.
  2. The sender is using a Google email or other public email address rather than a corporate address.
  3. The message is written to invoke a sense of urgency.
  4. The message includes a request to verify sensitive personal information, privileged access and passwords, or financial details.
  5. The message is poorly written, with grammatical and spelling errors.
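Clues 1 to 4 can be checked mechanically before a person ever reads the message. The following is an added example, not code from Acronis: it assumes a trusted domain supplied by the caller (examplebank.com here), illustrative provider and phrase lists, and a constructed sample message. Clue 5 (writing quality) is left to the reader.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: provider and phrase lists are illustrative, not exhaustive.
PUBLIC_PROVIDERS = {"gmail.com", "outlook.com", "yahoo.com"}
URGENCY = ("immediately", "urgent", "account will be suspended")
SENSITIVE = ("verify your password", "confirm your card", "login credentials")

# Constructed sample message (not a real email).
SAMPLE = """From: Example Bank Support <support.examplebank@gmail.com>
Subject: Urgent: account will be suspended

Please verify your password immediately at
http://examplebank.secure-login.example.net/verify
"""

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (misspelled) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(domain, trusted):
    """True for a misspelling of the trusted domain, or for the trusted
    name appearing as a label under some other registered domain."""
    if domain == trusted or domain.endswith("." + trusted):
        return False
    brand = trusted.split(".")[0]
    return edit_distance(domain, trusted) <= 2 or brand in domain.split(".")

def phishing_clues(raw, trusted):
    """Return the clues 1-4 listed above that apply to a raw email message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = (msg.get("Subject", "") + " " + body).lower()
    hosts = set(re.findall(r"https?://([^/\s:>\"']+)", text))
    clues = []
    if any(lookalike(h, trusted) for h in hosts | {sender}):
        clues.append("misspelled domain or deceptive subdomain")
    if sender in PUBLIC_PROVIDERS:
        clues.append("sender uses a public email provider")
    if any(p in text for p in URGENCY):
        clues.append("manufactured urgency")
    if any(p in text for p in SENSITIVE):
        clues.append("asks to verify sensitive information")
    return clues

if __name__ == "__main__":
    print(phishing_clues(SAMPLE, "examplebank.com"))
```
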

Conclusion

We live in a world where digital services are widespread and constantly developing. As digital services evolve, the risk of cyberattacks also increases enormously. These spear phishing attacks are very dangerous and can cause serious damage to companies, and of course they cause a lot of headaches for casual users too. But if you follow the tips and advice introduced in this article, you will be able to minimize the risk of falling into the nets of the cybercriminals.

About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.