What is phishing email? (and how to prevent it)
Email phishing can be hard to detect, cost your business thousands of dollars and damage your reputation, so how can you protect yourself against these attacks?
What is phishing email?
Email phishing is a social engineering attack that tricks users into clicking a link in an email, allowing the cybercriminal to steal private information or infiltrate your network.
What is Social Engineering?
Social engineering exploits the human element in large-scale computer attacks. While a computer system may have dozens of security measures and controls in place to protect data, this information is accessible to users, as it should be, because data without a user or administrator is somewhat worthless. Social engineering attacks will target these users through social means: phone calls, emails, document retrieval, even dumpster diving and on-site scams.
Social engineering is such a well-known form of attack that some of the earliest hacks were social engineering attacks. While popular culture gives us the image of WarGames-style hacking from a terminal, the truth is that most data breaches start with a human attack vector.
Some social engineering attacks include the following scams:
- Video games and floppy disks: Elk Cloner, one of the first computer viruses, spread through floppy disks masquerading as video games as early as 1989.
- Deepfakes and scams: In 2019, a caller using voice technology called the CEO of a British energy company claiming to be the CEO of its parent company. The caller convinced the CEO to transfer €220,000 to a fraudulent account.
- Spear phishing and politics: The 2016 presidential election email leak included the loss of thousands of emails from the Democratic National Convention database and the launch of several additional attacks from DNC-based email domains. The origin of the attack was attributed to an email containing a malicious link hidden behind a bit.ly shortened URL, targeting DNC IT engineers.
- Watering holes and fake sites: The hacking group Lazarus compromised several websites in 2017, replacing them with fake pages whose links sent users to untrustworthy sites or infected their browsers.
These attacks rely on deceiving users to take actions that compromise the computer systems they use every day.
How is email phishing a social engineering attack?
Email is by far the most popular form of digital communication used by consumers and businesses around the world. The ease with which emails can be sent, spoofed and exploited for mass email campaigns makes it one of the most common social engineering attacks.
The term “phishing” captures the attacker's approach: using the right “bait” in an email, the attacker can trick a reader into performing a specific action: clicking a link, sharing a file, or providing login credentials. The bait, in this case, is a legitimate-looking email that appears to come from a real person or an established organization.
Therefore, phishing is a social engineering attack because it relies on a lack of knowledge on the part of the victim. Using deception, the attacker tricks the person into giving them credentials. Because it relies on targeting a victim in an organization rather than IT infrastructure, it can be very successful.
These attacks are so successful that there are several types of email phishing:
- Phishing: Typical phishing often follows a “spray-and-pray” approach where thousands of emails are used to target large numbers of victims in a somewhat indiscriminate manner.
- Spear phishing: Spear phishing narrows the target to someone specific, such as a certain type of engineer or professional within an organization. These users are often more likely to have privileged access to system resources, and the phishing attack will likewise be more sophisticated.
- Whaling: A form of spear phishing, whaling targets the highest levels of an organization, such as the C-suite. Unfortunately, while we might assume that these executives are more tech-savvy than others, this is often not the case in the face of sophisticated phishing attempts.
- Clone phishing: In this attack, a hacker gains access to an email account, takes an existing element of a legitimate email, such as a signature link, injects malicious code or links into it, and sends seemingly legitimate emails to the account's contacts. This attack can continue as long as at least one recipient keeps opening the emails and giving up access to their own email account.
- Business email compromise: A hacker gains access to tools that allow them to spoof corporate domains and send emails that appear to come from a specific person in the organization (a manager, the IT system administrator, etc.) and demand quick action, such as providing login information or transferring funds.
Why is phishing email such a popular form of attack?
Phishing is a successful social engineering attack, and statistics have shown that it is by far the most common form of attack. According to a Verizon report, companies surveyed report that 25% of all breaches are directly related to phishing, and 85% of breaches involve human error or social engineering.
The reason why phishing works so well is threefold:
- They are easy to launch: Emails are simple to send, and with a little knowledge of business email templates, email address spoofing, and persuasive language, attackers can send thousands of emails that appear to come from a legitimate company, such as PayPal or Microsoft. With the right information, phishing scammers can send emails to company employees that appear to be from someone inside the organization.
- Low success rates are still successes: Even in a large-scale phishing campaign, a low response rate can hand the attacker critical access information for a user account or the corporate computer system. A single set of credentials may be sufficient to grant full access to a system.
- People are the weak link: Email is one of those technologies that everyone uses. Often people do not pay close attention to what lands in their inbox. So, if a message appears to come from a legitimate corporate domain or company, many users will treat it as an authoritative email and won't ask questions.
How can I recognize a phishing attack by email?
Even the most sophisticated phishing attacks will have flaws. It is up to a population of knowledgeable and well-trained employees to see these flaws and remove (and report) phishing emails when they see them.
Some common markers of a phishing attack are:
- Fake email addresses: Even a crudely built email can spoof the display name of the sender address so that the email appears to come from somewhere else. Or, more commonly, attackers will embed a well-known company name inside a fake domain to trick victims.
Employees should be able to inspect the details of the email to determine the actual sender address, and they should also recognize fake domains, for example the real domain name microsoft.com versus a fake domain like microsoft.customersupport.com. These fake addresses will often look official without actually coming from where they claim to be.
- Requests for personal information: Today, almost every company in the world has internal and external policies against ever asking for personal information or login credentials. An email that simply requests them should be immediately deleted and reported.
- Misleading link URLs: Phishing attacks often exploit the fact that users don't look at the URL of a link or button before clicking. Every browser lets users hover their mouse over a link or button to see the URL, and if it doesn't point where it claims to go, the email is a scam.
- Misspellings, broken text and patterns: Many phishing attacks are sent by foreign or state-sponsored attackers using autofill templates. Sometimes these templates don't fill in correctly, contain lots of typos, or read as broken English, all of which are clear signs of a phishing attack.
- Attachments: The classic delivery vector for viruses and malware is the email attachment. No one should ever open or run an attachment from an unknown email. This is doubly true for an executable file.
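The markers above can be checked mechanically before a message ever reaches a reader. The following script is an added example, not code from the original post or from 1Kosmos; it parses a raw email with Python's standard library and flags four of the indicators described above: a brand name (such as microsoft) appearing under a foreign registrable domain, a link whose visible text names a different host than its real href, wording that asks for credentials, and an attachment with an executable extension. The sample messages, the brand list and the extension list are constructed for the example, and the "registrable domain" helper is a deliberate simplification (last two DNS labels, no public-suffix list).

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands the organization expects mail from, mapped to their genuine registrable
# domain. Constructed sample list for this example, not an authoritative source.
KNOWN_BRANDS = {"microsoft": "microsoft.com", "paypal": "paypal.com"}

# Extensions treated as executable content (constructed list for the example).
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".msi", ".ps1")

# Phrases that typically accompany a request for credentials.
CREDENTIAL_REQUEST = re.compile(
    r"\b(password|login credentials|verify your account|confirm your identity)\b",
    re.IGNORECASE,
)

# A host name embedded in link text, with or without a scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.IGNORECASE)


def registrable_domain(host):
    """Return the last two DNS labels (simplified: no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_sender(from_header):
    """Flag a From: address that borrows a known brand name under a foreign domain."""
    display_name, address = parseaddr(from_header)
    host = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    actual = registrable_domain(host)
    findings = []
    for brand, genuine in KNOWN_BRANDS.items():
        mentioned = brand in host or brand in display_name.lower()
        if mentioned and actual != genuine:
            findings.append(f"sender claims '{brand}' but registrable domain is {actual}")
    return findings


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html_body):
    """Flag links whose visible text names a different host than the real href."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        real_host = urlparse(href).hostname or ""
        match = HOST_IN_TEXT.search(text)
        if not real_host or not match:
            continue
        shown_host = match.group(1).lower()
        if registrable_domain(shown_host) != registrable_domain(real_host):
            findings.append(f"link text shows {shown_host} but points to {real_host}")
    return findings


def check_attachments(msg):
    """Flag attachments whose file name ends in an executable extension."""
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(EXECUTABLE_EXTENSIONS):
            findings.append(f"executable attachment: {name}")
    return findings


def analyze(raw_email):
    """Run all checks over a raw RFC 822 message and return a list of findings."""
    msg = message_from_string(raw_email, policy=default)
    findings = check_sender(msg["From"] or "")
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    findings += check_links(body)
    if CREDENTIAL_REQUEST.search(body):
        findings.append("body asks for credentials or account verification")
    findings += check_attachments(msg)
    return findings


# Constructed sample: lookalike sender domain, disguised link, credential request,
# executable attachment. Not a real message.
SAMPLE_EMAIL = """\
From: "Microsoft Support" <helpdesk@microsoft.customersupport.com>
To: employee@example.com
Subject: Action required: confirm your identity
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires today. Please verify your account at
<a href="http://microsoft.customersupport.com/login">https://login.microsoft.com</a>.</p>
</body></html>
--b1
Content-Type: application/octet-stream; name="Invoice.pdf.exe"
Content-Disposition: attachment; filename="Invoice.pdf.exe"

Zm9v
--b1--
"""

# Constructed sample of an ordinary internal message that should produce no findings.
CLEAN_EMAIL = """\
From: IT Helpdesk <it@example.com>
To: employee@example.com
Subject: Maintenance window tonight
Content-Type: text/plain; charset="utf-8"

The mail server will be offline from 22:00 to 23:00 for patching.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SAMPLE_EMAIL), ("clean", CLEAN_EMAIL)):
        print(label, analyze(raw))
```

Running the script prints four findings for the constructed suspicious message and an empty list for the clean one. The sender check treats "Microsoft" in the display name and "microsoft" in a subdomain identically: what matters is the registrable domain that actually sent the message, which is exactly the distinction the microsoft.com versus microsoft.customersupport.com example above asks employees to make.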
Strong authentication for strong anti-phishing protection
Weak authentication is one of the main weaknesses exploited by phishing attacks. If a hacker obtains a password, there is little to prevent them from accessing system resources.
If you have implemented secure identity management solutions capable of handling advanced biometric, multi-factor, or passwordless authentication, corporate user accounts are much less likely to be compromised by email phishing.
1Kosmos BlockID provides authentication support that prevents hackers from exploiting weak systems (weak passwords, misinformed users, or single-factor authentication). BlockID comes with the following features:
- Identity proof: BlockID includes Identity Assurance Level 2 (NIST 800-63A IAL2), detects fraudulent or duplicate identities, and establishes or reestablishes credential verification.
- Identity-Based Authentication Orchestration: We are pushing biometrics and authentication into a new “who you are” paradigm. BlockID uses biometrics to identify individuals, not devices, through the triangulation and validation of credentials.
- Integration with Secure MFA: BlockID easily integrates with a standard API for operating systems, applications, and MFA infrastructure at AAL2. BlockID is also FIDO2 certified, protecting against attacks that attempt to bypass multi-factor authentication.
- Cloud-native architecture: The flexible and scalable cloud architecture makes it easy to build apps using our standard API, including private blockchains.
- Privacy by Design: 1Kosmos protects personally identifiable information in a private blockchain and encrypts digital identities in secure enclaves accessible only through advanced biometric verification.
To learn more about phishing and authentication prevention, read our identity-based strong authentication white paper by 1Kosmos. Also subscribe to our newsletter to stay informed of news and product launches.
What is phishing email? (& How to Prevent It) appeared first on 1Kosmos.
*** This is a Security Bloggers Network syndicated blog from Identity & Authentication Blog written by Maureen. Read the original post at: https://www.1kosmos.com/authentication/email-phishing/