PHISHING EMAILS ARE GETTING BETTER AND BETTER

Phishing emails sent out to organisations and individuals are now more sophisticated than ever. Hackers have streamlined their approach in attempts to extract sensitive information from their victims – and each one of us is a potential victim.


Branded phishing emails are a common example. They trick a user because the user immediately recognises the company's logo, included in the body of the email, in the signature, or in both. The reader is asked to click on a link which directs them to a fake login page where they enter their credentials (for example, under the guise of preventing suspension or closure of an account).


If you hover your mouse over the link in the email, you will most likely see that it points to a website unrelated to the company being impersonated. The display name of the sender is also spoofed, and the actual email address usually goes unnoticed: it is a randomly registered domain with no link to the entity or company the attacker is impersonating. Below is an example of a branded phishing email.


Example of a branded phishing email claiming to be from “American Express”

The next big thing is “spoofing” email attacks, which fool users into thinking an email came from a person or entity they know or trust. In a spoofing attack, the sender forges the email headers so that the mail client displays the fraudulent sender address, which most users take at face value.


Unless they inspect the headers more closely, users see only the forged sender in the message. If it is a name they recognise, they are more likely to trust it: they will click malicious links, open malware attachments and send sensitive data.


Another component often used in phishing is the “Reply-To” field. This field is also set by the sender and can be abused in a phishing attack. The Reply-To address tells the email client where to send a reply, and it can differ from the sender's address.


Again, email servers and the SMTP protocol do not validate whether this address is legitimate or forged. It is up to the user to notice that the reply is going to the wrong recipient. Below is an example of a spoofed email.


Example of the Contoso.com domain being spoofed

Source: ProofPoint.com
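The header checks described above (a forged From display name, and a Reply-To or envelope sender that points somewhere other than the claimed sender domain) can be automated on the receiving side. The following is an added example, not code from the original article or from Proofpoint; the three sample messages are constructed for the example, and contoso.com, fabrikam.com and the other domains in them are fictional placeholders. It uses only Python's standard `email` library.

```python
from __future__ import annotations

from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not taken from the page). The first claims the
# contoso.com domain in From but routes replies and bounces elsewhere; the
# second hides a different address inside the display name; the third is clean.
REPLY_TO_SAMPLE = """\
Return-Path: <bounce@mail-relay-example.net>
From: "Contoso Accounts" <accounts@contoso.com>
Reply-To: accounts@contoso-billing-example.net
To: victim@example.org
Subject: Urgent: account suspension

Reply with your password to avoid suspension.
"""

DISPLAY_NAME_SAMPLE = """\
From: "ceo@contoso.com" <mailbox1234@free-mail-example.net>
To: finance@contoso.com
Subject: Quick favour

Please wire the payment today.
"""

CLEAN_SAMPLE = """\
Return-Path: <accounts@contoso.com>
From: "Contoso Accounts" <accounts@contoso.com>
To: victim@example.org
Subject: Monthly statement

Your statement is attached.
"""


def _domain(header_value: str) -> str:
    """Lower-cased domain part of an address header value, or '' if none."""
    _, address = parseaddr(header_value)
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def header_findings(raw_message: str) -> list[str]:
    """Return human-readable mismatches between From, Reply-To, Return-Path and
    the display name of an RFC 5322 message. An empty list means none of these
    heuristics fired; it does not prove the mail is legitimate."""
    msg = message_from_string(raw_message)
    findings: list[str] = []
    from_hdr = msg.get("From", "")
    from_domain = _domain(from_hdr)
    display_name, _ = parseaddr(from_hdr)

    # Replies would leave the claimed sender's domain.
    reply_to = msg.get("Reply-To")
    if reply_to and _domain(reply_to) != from_domain:
        findings.append(
            f"Reply-To domain '{_domain(reply_to)}' differs from From domain '{from_domain}'"
        )

    # Envelope sender (where bounces go) differs from the claimed sender.
    return_path = msg.get("Return-Path")
    if return_path and _domain(return_path) != from_domain:
        findings.append(
            f"Return-Path domain '{_domain(return_path)}' differs from From domain '{from_domain}'"
        )

    # Display name carries an address whose domain differs from the real one.
    if "@" in display_name:
        name_domain = display_name.rsplit("@", 1)[-1].strip().lower()
        if name_domain != from_domain:
            findings.append(
                f"display name shows '{display_name}' but the address is in '{from_domain}'"
            )
    return findings


if __name__ == "__main__":
    samples = (("reply-to", REPLY_TO_SAMPLE), ("display-name", DISPLAY_NAME_SAMPLE), ("clean", CLEAN_SAMPLE))
    for label, raw in samples:
        print(label, header_findings(raw) or "no findings")
```

These are heuristics for a mail gateway or triage script: a legitimate newsletter may well use a different Return-Path, so a finding is a reason to look closer rather than a verdict. Where the receiving server records SPF, DKIM and DMARC results in an Authentication-Results header, those are the stronger signal and should be checked first.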


Another tactic used by attackers is called “typosquatting”. Typosquatting is a form of cybersquatting that targets users who accidentally mistype a website address into their browser's URL field. Cybersquatters register domain names that are a slight variation of the target brand (usually a common spelling error).


Users are usually unaware that they are browsing a fake website, and the owners of the fraudulent site can trick them into providing personal information. Typosquatting is made possible by typos or misspellings of a popular domain name.


If a user makes a mistake while typing a domain name and fails to notice it, they may end up on a look-alike website set up by attackers. The same misspelled domains also appear in the sender address and links of phishing emails; if these emails are not read carefully, you could find yourself in serious trouble. Below are examples of typosquatted domains.


Examples of legitimate domains and their typosquatted variants

Lastly, the most common phishing tactic is called “spear-phishing”. Spear-phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons. These emails often carry attachments or links that lead to malware, ransomware or spyware. Additionally, the email will blatantly ask the recipient to respond urgently, for example to transfer a specific sum of money or to send personal data such as a banking password.


Because the emails are written in a highly familiar tone and refer to personal information about the recipient, victims mistakenly believe they know and trust the sender and respond to the request.


Source: Upguard.com

It is best practice to read every email carefully before clicking a link, opening an attachment or responding with your personal information. Seek the advice of your IT department and/or colleagues to determine the legitimacy of any email that reaches your inbox. When in doubt, ignore the email and report it as spam.