Email is one of the primary ways in which we communicate. We not only use it every day at work, but also to stay in touch with our friends and family. In addition, email is how companies provide many products or services, such as confirmation of an online purchase or availability of your online bank statements. Since so many of us depend on email, email attacks have become one of the primary attack methods used by cyber criminals.
Phishing was a term originally used to describe email attacks that were designed to steal your online banking username and password. However, the term has evolved and now refers to almost any email-based attack! Phishing uses social engineering, a technique where cyber attackers attempt to fool you into taking an action. These attacks often begin with a cyber criminal sending you an email pretending to be someone or something you know or trust, such as a friend, your bank or favorite online store. These emails then entice you into taking an action, such as clicking on a link, opening an attachment or responding to a message.
Cyber criminals craft these emails to look convincing, sending them out to literally millions of people. The criminals do not have a specific target in mind, nor do they know who will fall victim. They simply know the more emails they send out, the more people they may be able to fool. Phishing attacks work in one of four ways:
Harvesting information is when a cyber attacker fools you into clicking on a link that takes you to a fake website that asks for your login and password, or perhaps your credit card or ATM number. Remember, these websites look legitimate, with exactly the same look, imagery and feel of your online bank or store, but they are fake websites designed to steal your information.
Infecting your computer with a malicious link occurs when you click on an unknown link and are directed to a website that silently launches an attack against your computer. If this attack is successful, the attacker will gain full control over your system.
Infecting your computer with malicious attachments occurs when you click on an unknown PDF file or Word document in an email. If you open these attachments, the attacker could gain full control over your computer.
A scam is an attempt to defraud you. Examples include notices that you’ve won the lottery, charities requesting donations after a recent disaster, or a dignitary who needs to transfer millions of dollars into your country and would like to pay you to help them with the transfer. Don’t be fooled; these are scams created by criminals who are after your money.
In most cases, simply opening an email is safe. For most attacks to work you have to do something after reading the email (such as opening the attachment, clicking on the link or responding to the requestor with personal information). Watch for the following indicators and take these precautions:
- Be suspicious of any email that requires “immediate action” or creates a sense of urgency.
- Be suspicious of emails addressed to “Dear Customer” or some other generic salutation.
- Do not click on links (instead, copy the URL from the email and paste it into your browser).
- Be suspicious of grammar or spelling mistakes (most businesses proofread their messages).
- Hover your mouse over the link (this will show you the true destination of the link).
- Be suspicious of attachments and only open those that you were expecting.
- If you get a suspicious email from a friend or colleague, call them to confirm that they sent it.