What you need to know about phishing

Are phishing emails illegal?

Because phishing is a form of identity theft, it is illegal. Individuals responsible for phishing attempts can be prosecuted for criminal actions anywhere in the world. Nonetheless, phishing is difficult to prosecute, as perpetrators often reside outside of the victims’ country.

In the US, 23 states and Guam have implemented specific phishing-related laws. In court cases, federal US laws around wire fraud are often used for the purpose of penalizing phishers.

Certain international guidelines can assist organizations in differentiating between phishing, spam and appropriate mass emails:

  • The CAN-SPAM Act provides guidelines around what types of mass emails are considered acceptable to send and what kinds are not.
  • In Canada, Anti-Spam Legislation offers insights into acceptable commercial use of electronic messages.
  • In Europe, a patchwork of anti-spam laws exists across European countries.
  • Asia, Africa and South America have more minimal spam laws. Nonetheless, all three require opt-out notices.
  • In Australia, an anti-spam act assists citizens in defining the nature of acceptable electronic communications.

Can phishing be prevented?

How to stop phishing emails: Advanced cyber security protections can block email phishing attempts. Nonetheless, a large volume of phishing threats do make it past network and email filters. In deciding on a technical phishing solution, ensure that your solution provides clear visibility into phishing threats. Ensure that your phishing tools provide you with phishing attack indicators and key metrics that can help you assess an attack’s potential.

Another means of stopping phishing includes combining cloud security and anti-phishing mechanisms. Solutions like CloudGuard SaaS can deploy between an inbox and native security, securing inbound, outbound and internal emails from phishing threats. Zero-phishing technologies can prevent credential re-use and other issues that lead to successful phishing attempts.

Anti-phishing technologies for mobile devices are essential. These technologies enable businesses to thwart zero-day phishing threats through the inspection of web pages. In conjunction with SSL inspection features, zero-phishing for mobile phones can enable near total protection from phishing.

One of the best means of avoiding phishing attacks is to regularly provide phishing education to your employees and to ensure that everyone knows the tell-tale signs of phishing threats.

Can phishing be detected by firewalls?

Firewalls can function to protect computers from phishing. However, specific anti-phishing tools may serve a company better than the use of firewalls in reducing phishing threats.

Anti-phishing software can block sophisticated phishing threats, from Business Email Compromise, to impersonation attempts and more. This type of software is available for all types of endpoint and mobile devices.

Anti-phishing software can remove the risk of URLs that may be malicious, protect against suspicious links in real time, identify new phishing campaigns and more.

Can phishing emails disappear?

Yes. In some instances, an email sent with a special type of distribution management tool can disappear from an individual’s inbox after a specified duration of time. Alternatively, the email may still be in the inbox and yet the spammer may have altered it.

A cyber criminal can create policies that determine the length of time for which an email remains on the server. Cyber criminals can also decide on whether a message may be copied or saved.

Software exists that enables an email sender to manipulate the content of the email after the email has been sent. This type of software is used by impulsive senders and by editors who may need to alter content post-production.

Gmail, from Google, also offers users the opportunity to “set a message expiration date” and to “revoke message access at any time”. Confidential mode assists users in safeguarding information that may be sensitive in nature. Persons who are not authorized cannot share or print emails sent in confidential mode.

Can phishing emails install malware?

Yes. Scam emails can include malicious links or attachments that can install malware onto devices. The malware installed may include spyware, ransomware or other types of computer viruses. If a phishing attempt is successful, an individual may find that his/her personal information has been compromised, that his/her contacts have been contacted illegitimately, that data has been erased or that the hacker has taken full control of the device itself.

When it comes to emails that may install malware, “Clone phishing” is especially dangerous. Clone phishing is when a cyber criminal replicates an email that already exists in your inbox (say, from your boss), but manages to wrangle a malicious link or attachment into the email. These instances of email phishing are particularly challenging to identify and many people do not know to watch out for them.

For high-net-worth individuals, spear phishing emails represent a serious malware risk. These emails spoof an individual’s bank, boss, or other routine sender of emails. If a business leader falls for a spear phishing attack, an entire business may acutely feel the effects.

Phishing by text message?

Yes, scam artists send phishing messages by SMS (Short Message Service) or text. This type of phishing is commonly known as “smishing” (a portmanteau of “SMS” and “phishing”). The term came into common usage in the late 2000s. The mass adoption of smartphones, nearly a decade later, increased the ubiquity of the term.

Several different types of smishing tricks exist. Hackers may attempt to persuade a person to reveal credentials. Getting a user to give up a username and/or password can provide a goldmine of valuable resources to hackers. Impersonation of an individual’s banking institution is a common means that hackers use to obtain people’s credentials.

Bank smishing often gives hackers what they want. People know that their banks really do send them text messages about suspicious activity or two-factor authentication. As a result, it’s easy to fall for these types of text messages.

“Smishers” may also rely on technological techniques that enable them to hide their phone number. They’re effectively able to make text messages appear as though they’re from a bank. A cell phone may automatically aggregate these texts with legitimate text messages that a person has genuinely received from their bank.

Smishers may send texts to get people to download malware. A convincing-looking text message may persuade individuals to quickly download a malicious app. Think about a text message that looks as though it’s from a local public institution, a non-profit group, or another service-focused enterprise. Despite the fact that app stores have policies and technologies in place to identify malicious apps, one may slip through and can then easily make its way into a smishing message.

Smishing attempts may also aim to trick a person into electronically dispersing monetary resources. Remember the nicely dressed con artist on the street corner who used to say that he needed bus fare to Boston? This is the electronic equivalent of that age-old urban scam. In some instances, smishers may impersonate an individual’s friends, as they appear on Facebook or Twitter, to con them out of money. In at least one notable instance, a hacker impersonated a local clergyman, and managed to con a victim out of cash that would supposedly go to charity. The scammer kept the money instead.

Can phishing be done by phone?

Yes. The term “phishing” often broadly refers to technologically-based scams. Phishing phone calls have also been dubbed “vishing” attacks. Vishing is a portmanteau of Voice over IP and phishing. Fraudulent phone calls may involve the impersonation of a familiar local group, institution or company. The scam artist typically leverages tactics to prey on a target’s emotions.

Vishing attacks are increasing and becoming increasingly, well, vicious. According to a report, 75% of cyber criminals already had personal information about victims in advance of the scam call. This information could be used to encourage the victim to trust the scammer. More information leads to more money for scammers.

Who created phishing?

Online phishing threats began in the mid-1990s, with the intention of luring users to voluntarily hand over personal information. Website scams and email scams have been around for nearly 30 years, and they’re still massively popular among hackers. Phishing scams routinely evolve, and now include sophisticated social engineering techniques. Back in the day, most phishing attacks were blasted to a large number of people and only swept up a few individuals. Now, phishing attacks may uniquely target high-value persons in the hopes that gaining their digital credentials will unlock valuable materials.

Are phishing emails dangerous?

Modern phishing schemes can cost organizations millions of dollars. On the individual level, phishing schemes may result in lost monetary resources, stolen social security numbers, stolen account information, and phony calls, texts or emails.

Are phishing emails easy to spot?

Phishing emails can be easy to spot. Spelling errors, grammatical inconsistencies and poor punctuation are all signs of a phishing email. However, other phishing emails can easily fool the eye. In some cases, malicious links are embedded into the body of email text. To avoid falling victim to these scams, allow your computer mouse to hover over each link. This will allow you to evaluate whether or not the URL looks suspicious.

Alternatively, hackers may add attachments that end in .exe to an email. These types of attachments could include malicious URLs, or they could directly install a virus onto your device or network. Anti-virus software can help guard against these types of threats.

Other phishing emails may attempt to manipulate a person’s emotions. Phishing emails commonly try to elicit a sense of panic in the recipient. For example, the text of the email may mention that your data has been stolen, and that they need you to verify your Netflix login information. People can avoid falling victim in these scenarios by simply considering whether or not the phishing email is making a logical request.

Why phishing is successful

Phishing is typically successful on two accounts: when people are inadequately educated about security and when people lack security mechanisms on their devices. According to a Verizon report, 4% of phishing campaign targets will fall victim to a given attack. Despite the fact that this number may sound small, 85% of organizations report that employees have divulged information to phishers or social engineers.

Modern phishing attacks can be difficult to detect. As noted earlier on this page, phishing emails may include malicious links, malicious attachments, or stealthy requests for information. The fact that phishing attacks can take many forms has also helped transform phishing into a uniquely successful deception strategy.