According to “The State of the Phish Report™ 2018,” approximately 76% of information-security professionals revealed that their organization experienced a phishing attack in 2017. Phishing attacks are a serious issue for businesses of all sizes and in all sectors, but the damage they cause can be mitigated or avoided entirely through an understanding of how phishing attacks work, what they typically look like and what to do when presented with a potential phishing attempt. Here, the data security experts at Atlantic Data Forensics detail what to know about phishing attacks.
Phishing Attacks Commonly Share Several Elements
While every phishing campaign will vary based on the intended target and goal, phishing emails typically share several common features. The majority of phishing emails mimic legitimate entities, including major banking institutions or even HR personnel from within your own organization. Phishing emails often feature “too-good-to-be-true” offers, such as a free phone, vacation or other prize. Attempts to create a sense of urgency are also common, with phrases such as “act now,” “act quickly,” or “limited-time offer” used frequently. Hackers may claim that failure to act quickly may result in your bank account, social media page or other online asset being terminated or locked. Hackers encourage click-through by referencing important or time-sensitive material, such as an impending shipment, overdue invoice, tax return form or airline ticket confirmation. The body of a phishing email will often contain numerous spelling and grammatical errors, and emails may arrive at unusual times of day, such as in the middle of the night.
Hyperlinks and attachments are also a common feature of phishing emails. Hyperlinks often appear to be popular websites, but with a simple misspelling or change—for example, www.facebook.com may appear as www.facebok.com. Zip files (.zip) are the most common attachment included in a phishing email, followed by PDF files (.pdf) and EXE files (.exe).
Phishing Attacks Often Trigger Malware or Ransomware Attacks
The ultimate goal of a phishing email is not just to send an email, but rather for any attached files or hyperlinks to be opened. Through these files and links, hackers may be able to send viruses, malware or ransomware to your computer, and these malicious software programs can then compromise or steal personal or company data. Hackers may also include links to web pages they have developed that look like a login page for your social media or bank accounts, allowing them to steal personal information directly. Once personal or corporate data has been compromised, it can be a highly complex and difficult process to secure and protect it.
Phishing Attacks Can Be Prevented
Ultimately, many phishing attacks can be prevented through several best practices. Spam filters can be installed to help ensure fraudulent emails do not reach your inbox. Browser settings can also be altered to prevent fraudulent websites from opening, even if a link to the site is clicked.
One of the most effective ways to prevent phishing attacks is to use caution and good judgment when opening emails. If you are sent an email that seems unusual, ask yourself the following questions before opening it:
- Is the sender unknown to me, or a known sender with an incorrect or unusual email address?
- Does the email include an unusual request, such as a request for banking information, account information or personal information?
- Does the email attempt to create a sense of urgency or threaten to lock your account should you not respond?
- Does the email include unusual or large attachments, specifically .zip, .pdf or .exe files?
- Does the email include hyperlinks to sites that do not start with “https”?
- Does the email contain numerous spelling and grammatical errors?
Emails that meet many or all of these characteristics should be deleted immediately. Most email providers also offer ways for users to report emails that they believe to be spam or phishing attempts. If you receive a suspicious email from someone claiming to be affiliated with a major company or institution, you may also report the email to the specific institution.
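Several of the checklist questions above can be applied mechanically to a raw message before a person ever opens it. The following is an added example, not code from Atlantic Data Forensics: it flags the attachment types, urgency phrases, non-https links and near-miss domain spellings the article describes. The domain list, the phrase list and all function names are assumptions made for this example, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from urllib.parse import urlparse

KNOWN_DOMAINS = ("facebook.com", "paypal.com")  # assumed list of brands to protect
URGENCY = ("act now", "act quickly", "limited-time offer")  # phrases from the article
RISKY_EXT = (".zip", ".pdf", ".exe")  # attachment types the article names

def edit_distance(a, b):  # Levenshtein distance between two strings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(host):
    """Return the known domain that host nearly spells, or None."""
    host = re.sub(r"^www\.", "", host.lower())
    for good in KNOWN_DOMAINS:
        if host != good and not host.endswith("." + good) and edit_distance(host, good) <= 2:
            return good
    return None

def triage(raw):
    """Return the checklist indicators found in one raw message."""
    hits, body = [], ""
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            hits.append(f"attachment:{name}")
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    hits += [f"urgency:{p}" for p in URGENCY if p in body.lower()]
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        u = urlparse(url)
        if u.scheme != "https":
            hits.append(f"not-https:{u.hostname}")
        good = lookalike(u.hostname or "")
        if good:
            hits.append(f"lookalike:{u.hostname}~{good}")
    return hits

def constructed_sample():
    """Build a constructed (not real) message that trips several checks."""
    m = EmailMessage()
    m.set_content("Act now or your account is locked: http://www.facebok.com/login\n")
    m.add_attachment(b"PK", maintype="application", subtype="zip", filename="invoice.zip")
    return m.as_string()
```

Calling `triage(constructed_sample())` returns one entry per indicator found; an empty list means none of these checks fired, not that the message is safe.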
Atlantic Data Forensics Can Help Your Company Quickly Handle the Effects of a Phishing Attack
While some phishing attacks are not particularly sophisticated and can be easily spotted, others may be more subtle, and even the best prepared organization may be at risk of exposing personal or corporate information to hackers. Should this occur, it is critical to act quickly to minimize the potential damage. Atlantic Data Forensics’ data security experts have years of experience helping corporations handle hacking or data theft events, ensuring that the issue is resolved quickly, discreetly and effectively. If your business has experienced a hacking or data theft event, do not wait—contact Atlantic Data Forensics immediately.