Identifying a phishing email isn’t as easy as you might think. In fact, every day millions of people fall for bogus emails asking them to reset their Microsoft Outlook password, renew their TV license, or sign in to their Apple account.

This form of cyber-attack was also the reason Russian hackers were able to access the National Democratic Committee’s emails back in 2016. The Russians had sent an email to Hillary Clinton’s campaign manager John Podesta and subsequently gained access to his emails.

Phishing – where an attacker persuades their victim to click a link and enter details or download malware – is becoming increasingly sophisticated. Criminals will scour social media profiles for clues about a person and use these to perform targeted attacks.

It’s therefore no surprise that this is the most common type of cyber-attack, accounting for 1% of all emails sent today.

Google – owner of Gmail, a major target for phishing – thinks it can help people spot dodgy emails: Jigsaw, a subsidiary of the firm’s parent company Alphabet, has created a handy quiz to test people’s credentials. Many of you will feel confident, but be aware that this – albeit perfectionist – cyber security journalist took the quiz and only got seven out of eight correct.

Interestingly, the quiz questions are based on real-life attacks, so they really test your ability to spot phishing attempts in the wild. Interested? You can take the phishing quiz here.

Why do people phish?

As Justin Henck, Jigsaw product manager, says in a blog, phishing is about stealing your password. He explains: “Attackers send you an appealing message — maybe free money, a faraway prince who needs your help, or a bogus security alert — that includes a link where you’re asked to enter your personal information or password, giving attackers access to your account.”

Although email services such as Gmail catch the vast majority of these bogus messages, some will still manage to get through.

And he warns that other phishing messages might look like a legitimate email written by someone you know. “These so-called spear-phishing attacks are often one of the first steps of larger cyber-attacks, where attackers use a carefully constructed email to fool someone into entering their login credentials into a fake page.”

 

Avoid being phished

There are several other steps you can take to avoid this type of cyber-attack. For example, if you haven’t already, it makes sense to activate two-factor authentication on all your services. “When you have two-factor authentication enabled, even if an attacker successfully steals your password they won’t be able to access your account,” says Henck.

He also recommends a Chrome extension called Password Alert “that protects you from entering your Google password in a fake login page”.

Of course, it’s also important to be able to spot attacks in the first place. Apart from taking the quiz, it helps to keep up to date on the latest threats. This is in addition to following best practice when reading and opening emails.

Do not click on links you are unsure of – and even if you think a link is safe, always check the URL. Be wary of any emails containing a PDF, as these could contain malware. If you must open one, be sure to check and double check who the sender is first.

Top phishing emails of 2018

It’s also useful to take a look at the most-clicked phishing emails of 2018, as revealed by security awareness training company KnowBe4. The most common “in the wild” attacks include subjects such as “Apple: You recently requested a password reset for your Apple ID”, “Amazon: Your order summary” and “Office 365: suspicious activity report”. Popular categories for phishing messages included deliveries, passwords, company policies, vacations and pretending to be an IT department. Popular keywords included Amazon, Wells Fargo and Microsoft.

Source: Forbes

Load More By Robert Zackman