“Give a man a fish and you feed him for a day. Teach a man to PHISH and he will steal your company’s money”.
(Quote by an unfortunate phishing victim)
E-mail exploits have been in the news a lot lately. Our inboxes are constantly under attack. The most common, and for criminals the most lucrative, method of extracting passwords and other sensitive information is phishing. A phishing attack, or phishing scam, is when a rogue party sends an email pretending to be someone (e.g. an officer of your organization) or something (e.g. Microsoft) it is not, in order to extract sensitive information from the target. A more specific attack against an individual or a small group of employees is called spear phishing. As the name suggests, spear phishing is used when a criminal targets one person, or a limited number of people, with a more personalized approach. A spear phishing attack can be highly effective because the attacker can use tailored language to impersonate individuals and inject themselves into existing email threads.
- 76% of organizations reported phishing attacks in 2017.
- Last year saw a 65% increase in phishing attacks.
- According to the Verizon Data Breach Investigations Report, 30% of phishing messages get opened by targeted users and 12% of those users click on the malicious attachment or link.
- In 2018 Symantec reported that the average user receives 16 malicious emails each month.
- Security firm Vade Secure reports the top five most impersonated brands in North America in 2018 were Microsoft, Netflix, PayPal, Bank of America and Chase.
We at Netblaze Systems have all seen them, and they range from very obvious to fairly sophisticated. In this post I have compiled a few examples so you can better recognize them and save yourself (and us) some serious trouble!
Now – on to the fun technical stuff!
This is an example of a poorly-constructed phishing email purporting to come from Microsoft Office 365. I went a little crazy and marked up the whole thing:
Another Office 365-type phishing attempt, but much improved – notice better graphics and language:
…hovering over the link above quickly shows where you will be going if you click – here:
Here’s another fraudulent email from “Office 365”:
If you look at the “From:” below, you’ll see that the actual email address is firstname.lastname@example.org, not Office 365 or Microsoft. When “mousing” over the link we get www.thespiralfoundation.org. I don’t know what they used to do, but since they’ve been hijacked – probably nothing good:
This one is a spear phishing attack:
It appears to come from “Al Smith” (name changed for anonymity, but a real person within the organization) to another person in the same org. There is no link to click and no immediate call to action. This is more sophisticated, as it appears to be the beginning of a conversation meant to obtain information for future impersonation attacks. Still… the sender’s email address does not match the name:
To sum it up, phishing attacks are on the rise and they are becoming more sophisticated. The reason is simple – they work!
What is the best way to protect yourself?
- Be aware and think before you click! Stay frosty!
- Have your IT provider publish the DNS-based email authentication records SPF, DKIM and DMARC to improve email security.
- Use specialized tools which recognize and thwart these attacks. We and our customers use Mimecast, which is an industry leader.
- Use Targeted Threat Protection in Office 365 – a good option to augment your Office 365 anti-phishing toolset.
- Give us a call to discuss – we work on these issues all the time and will provide the right option for your organization!