Identifying Phishing / Spear Phishing E-mails

With the recent uptick in cybersecurity attacks, we wanted to share some reminders from our cybersecurity training on recognizing Phishing and Spear Phishing e-mails. While our e-mail filters work to protect from junk e-mail, malicious attachments (such as those commonly found in .ZIP files) and links to harmful websites, it still important to be aware of e-mails that use Social Engineering. This is when an e-mail sender attempts to trick you into giving up important information.

The e-mail itself does contain any harmful components, so it would not be flagged as spam or phishing by the e-mail filter. Rather, it depends on being able to convince you to willingly send sensitive information. There are several very common ploys that unfortunately ensnare millions of people. The following are some quick clues that can help you to identify these traps.

  1. Sense of Urgency /  Emotion
    1. An invoice is late and services will soon be suspended
    2. You have ignored an important e-mail and the sender is annoyed
    3. A colleague is in trouble and needs your assistance right away
    4. You are presented with an invoice for a large sum for an unrecognized purchase
  1. A sudden change in practices
    1. A company is no longer accepting paper checks, you should rather send payment ACH or wire
    2. The ACH or wire instructions have suddenly changed
    3. The sender is making an unusual request and cannot be reached by phone
    4. There a request for payment through unusual methods (iTunes cards, Visa Cards, Western Union)
  1. Multiple steps
    1. You need to open an attachment, then sign into a website with your username and password
    2. You have received an e-mail for an unexpected purchase, and you need to call a number to dispute the charge
  1. Impersonation
    1. Display name is someone you know, but the e-mail is different – Joe Santifer bill321@gmail.com
    2. E-mail is misspelled  -Joe Santifer joe@netwizeinc.net

These last scenarios are especially difficult for e-mail and spam filters to recognize.

“Joe Santifer” and “Joe Santifer” both appear the same to our eyes. But the second name was written using the Cyrillic Character set for the letters “J” and “S”. To a computer these are completely different spellings. So a phishing rule that looked for “Joe Santifer” would not catch “Joe Santifer”, or any of the thousands of other iterations, that are possible with hundreds of different character sets.

The same with misspellings of domain names (netwizeinc.net). So, for the foreseeable future, we will have to take a few seconds to examine an e-mail before we respond and especially before we send any confidential information. In the meantime, please continue to be vigilant and please continue to forward to us any suspicious e-mails you receive.

NetWise IT is always here for your networking, security and infrastructure needs.