What is Email Phishing and how to detect & prevent phishing emails?

What is Email Phishing? How to detect a phishing email?

Email Phishing is a form of social engineering. Phishing is the method of sending a deceptive email to make the recipient reveal sensitive information, click on a link, or download a malicious file. Email phishing has been around for a long long time. Over time, bad actors are getting clever and getting more sophisticated. Phishing emails almost always ask the recipient to take any action from the email. The sender (bad actor) might use authority, familiarity, urgency, and scarcity as the tactics to get the recipient to take action. What are some most common phishing types?

Spear phishing:

Spear Phishing is sending phishing emails targeted at one single individual or a group of people. Spear phishing emails are generally more sophisticated than regular phishing emails. It might involve the recipient’s personal details which have been gathered from a data breach or from social media.

Whaling:

Whaling is sending phishing emails targeted at the senior management of a company. For example, CEO, CFO, etc…

Vishing:

Vishing is the act of social engineering people over the phone. Similar to phishing but the medium used to communicate is Telephone. These types of attacks are increasing recently.

Smishing:

Although we don’t hear this term often it is nothing but phishing via SMS messages. Sending SMS to the recipients and asking them to click on a link.

How to spot Phishing emails?

Although these emails are getting more sophisticated here are the 5 ways to spot a phishing email.

Sender address

The most common giveaway in detecting phishing email is checking the sender's email address. Either the email is sent from a personal email address like gmail, yahoo mail, hotmail, etc… or the sent from a similar looking email domain. For example, your organization email domain is Microsoft.com and you received the email from Micr0soft or Mlcrosoft or something similar. If the email is coming from your email domain and looks suspicious report it to your IT department.

Grammar

These phishing emails are usually poorly written. Grammar and spelling mistakes are quite common. You can also spot generic things like currency being $ although you are outside the USA and sometimes no currency at all. The emails also start with generic terms when addressing the recipient. Something like ‘Dear sir’, ‘Dear customer’, ‘Dear madam’, etc…

Links

Almost all of the phishing emails are asking the recipient to take an action. Usually by clicking a link or replying to the email with the details. If the email is asking you to click on a link ask yourself ‘are you expecting this email?’, ‘Is this genuine?’, ‘coming from a known source?’. You can also check the hyperlink by hovering your mouse over the hyperlink. Is the link really taking you to the place that it said it would? This of the latest COVID-19 related phishing emails recently.

Urgency

The phishing emails use urgency, scarcity, authority, familiarity and intimidation to make the recipient take an action quicker. Ask the same questions that were described in the above ‘links’ section.

Attachments

Some phishing emails are sent with malicious attachments that contain some sort of malware or payload. Only open the attachments only if you are 100% sure they come from a genuine source and you are expecting the attachment. The attachments can come in many forms like Doc, PDF, ZIP, etc…

How to prevent a phishing attack?

95% of the successful cyber attacks start from an email. We looked into how to detect the phishing email above and lets into how to prevent a phishing attack. Preventing phishing attacks 100% can be too ambitious. However, our goal here is to reduce the risk to an acceptable level. There are two different types of controls to prevent phishing attacks. Technical controls and administrative controls.

Technical controls:

Technical controls such as enabling anti-spoofing and two-factor authentication can mitigate the risk of phishing attacks substantially. Anti-spoofing can be enabled on your email filtering solution. It essentially stops the emails from your own email domain but is created external to the organization. Then two-factor authentication stops bad actors from compromising the email accounts.

Administrative controls:

Administrative controls such as Security Awareness Training for the staff and robust procedures about updating sensitive details about suppliers/customers can mitigate the risk too. Although technical controls to mitigate the risk of phishing attacks work well there is no substitute for training your staff and increasing awareness across the board. End of the day, it is the end-user who is interacting with these emails and they are the ones who will be taking action.

There are a number of Security Awareness training companies with ready-made training content. We recommend KnowBe4 Email Phishing and Security Awareness Training platform. (disclaimer: We are one of the biggest KnowBe4 partners) Others include Cofense, Proofpoint, Cybsafe, etc… KnowBe4 is the leader in Gartner’s magic quadrant as well as the highest-rated & reviewed platform on Gartner’s peer reviews. The most famous social engineer Kevin Mitnick is part of KnowBe4 and he is one of the leading content creators on the platform too.

Please get in touch if you have any further questions or if you need help with your Security Awareness Training program. You can always kick-off by measuring your Phish Prone percentage.