Identifying and Preventing Email Phishing Attacks

Phishing is an online scam in which criminals impersonate a legitimate company to steal sensitive information. Why is it called phishing? The term is a play on the word fishing: the criminal dangles a fake “lure”, a message that looks legitimate and appears to come from a reputable company, hoping that users will “bite” by handing over account numbers, passwords, usernames, or credit card numbers. The attacker tricks the recipient into replying with the information or entering it on a website built to harvest it, after which the data is used or sold. Most phishing does not target a specific individual, so it can be conducted en masse.

Phishing is the most common way in which cybercriminals attack businesses. In fact, phishing rose 61 percent in the past year to more than one million attacks.

The impact of an attack

A successful phishing attack can have many consequences for an organization’s finances and reputation, including:

  • Business disruption: An attack can leave a company’s customers unable to access online services and its employees unable to work. This often costs the company both customers and productivity.
  • Loss of data: Scammers also use phishing to install malicious software on a user’s device. Once the device is infected, the attacker can read its files and track the user’s activity.
  • Monetary theft: Cybercriminals steal an organization’s money, equipment, and/or intellectual property outright. Another form is extortion: demanding payment in return for the release of sensitive data they have encrypted or stolen.
  • Damaged reputation: Data breaches cause damage to a company’s reputation due to a loss of public trust and the resulting negative impact on its brand.

Types of email phishing attacks

Most phishing attacks arrive by email: 3.4 billion fake emails are sent each day, which adds up to more than a trillion a year. The following are some of the most common types of email phishing attacks:

  • Attachments: Most organizations’ email filters scan the body of a message for known phishing URLs. To get around this, attackers instead send a malicious attachment carrying a virus or other malware, disguised as an invoice, delivery note, or some other lure designed to get the recipient to open it.
  • Links: The more links an email contains, the less likely the recipient is to check every one, so cybercriminals hide malicious links in the body text and/or the signature block. Scammers also send emails whose body looks like text but is in fact a single clickable image that links to a phishing site.
  • Spoofing: A scammer spoofs a message when they disguise it so the recipient believes it came from a person or entity they know and trust, such as a colleague, vendor, or business. These emails usually include a call to action convincing enough to get the recipient to do what is asked.

Related: Types of Phishing

Identifying attacks

To detect a phishing email, look for the following signs:

  • A sense of urgency: An unusually assertive email subject line and/or body text that conveys a sense of urgency can signal fraud. Scammers are trying to instill a false sense of urgency to trick you into acting quickly without carefully reviewing the email. Always be suspicious of emails that claim you must click on a hyperlink or open an attachment immediately.
  • Mismatched email domains: If the email claims to be from a reputable person or company but is sent from another domain, such as gmail.com, it may be a phishing attempt.

For example:
FROM: Michael Hensley <hensleym@lumestrategies.com> versus
FROM: Michel Hensley <crazy_address123@gmail.com>

Check that the ‘from’ address is consistent with the display name, and that the ‘reply-to’ header, if present, matches the sender’s domain: replies to a phishing email are often routed to an address different from the one shown.

  • Unanticipated or unusual attachments: Never open an unexpected or suspicious attachment that is not relevant to the work you are doing. When in doubt, call the sender on a number you already know (not one given in the email) to verify the email and the attachment.
  • Use of hyperlinks: Always hover over a hyperlink before clicking it to see the real URL and verify it. If the link goes somewhere other than its text suggests, points to a bare IP address, or leads to a domain unrelated to the claimed sender, it is most likely not legitimate and may be malicious.
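The header and link checks above can be automated as a first pass over incoming mail. The script below is an added example written for this article, not a tool from Lume Strategies, and it assumes lumestrategies.com is the organization’s legitimate domain; the sample message is constructed (203.0.113.5 is a documentation-range address, not a real host). It flags a display name whose address domain belongs to someone else, a Reply-To that differs from the From domain or imitates the organization’s name, urgency language in the subject, links to bare IP addresses, and links whose visible URL text does not match where the href actually goes.

```python
import email, ipaddress, re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, not a real capture. lumestrategies.com is assumed to be
# the organization's legitimate domain; 203.0.113.5 is a documentation-range address.
SUSPICIOUS_EMAIL = """\
From: Michael Hensley <crazy_address123@gmail.com>
Reply-To: billing@lumestrategies-support.net
To: staff@example.com
Subject: URGENT: invoice overdue, act within 24 hours
Content-Type: text/html; charset="utf-8"

<html><body><p>Please review the attached invoice immediately.</p>
<p><a href="http://203.0.113.5/login">https://portal.lumestrategies.com/login</a></p>
<p><a href="https://lumestrategies.com/contact">Contact us</a></p></body></html>
"""

URGENCY = re.compile(r"\b(urgent|immediately|act now|within \d+ hours?|suspended)\b", re.I)

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._current = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0].strip(), self._current[1].strip()))
            self._current = None

def registered_domain(host):
    """Last two labels of a host name. Crude: real deployments should consult the
    Public Suffix List so that names like example.co.uk are handled correctly."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify_domain(domain, trusted):
    """'match' if the domain belongs to the trusted organization, 'look-alike' if an
    unrelated domain embeds the organization's name, otherwise 'unrelated'."""
    if registered_domain(domain) == trusted:
        return "match"
    return "look-alike" if trusted.split(".")[0] in domain.lower() else "unrelated"

def analyze(raw_message, trusted_domain):
    """Return 'kind: detail' findings for the header and link signs listed above."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    # Display name claims the organization while the address domain says otherwise.
    display, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if from_domain and classify_domain(from_domain, trusted_domain) != "match":
        findings.append(f"from-domain-{classify_domain(from_domain, trusted_domain)}: "
                        f"display name '{display}' but address domain '{from_domain}'")
    # Reply-To should match the source; replies to a phish usually go elsewhere.
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if "@" in reply:
        reply_domain = reply.rsplit("@", 1)[-1].lower()
        if registered_domain(reply_domain) != registered_domain(from_domain):
            findings.append(f"reply-to-mismatch ({classify_domain(reply_domain, trusted_domain)}): "
                            f"From '{from_domain}' but Reply-To '{reply_domain}'")
    subject = str(msg.get("Subject", ""))
    if URGENCY.search(subject):
        findings.append(f"urgency-language: '{subject}'")
    # Where each hyperlink really goes, versus where its visible text says it goes.
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = _LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        if _is_ip(host):
            findings.append(f"ip-address-link: {href}")
        elif host and classify_domain(host, trusted_domain) != "match":
            findings.append(f"link-domain-{classify_domain(host, trusted_domain)}: {href}")
        shown = urlparse(text).hostname if "://" in text else None
        if shown and registered_domain(shown) != registered_domain(host):
            findings.append(f"link-text-mismatch: shows '{shown}' but goes to '{host}'")
    return findings
```

Running analyze(SUSPICIOUS_EMAIL, "lumestrategies.com") produces five findings: the gmail.com sender domain, the look-alike Reply-To, the urgent subject, the IP-address link, and the link whose text shows portal.lumestrategies.com while its href goes to 203.0.113.5. The “Contact us” link to the real domain is not flagged. Note that these are signals for a human reviewer, not a verdict: a legitimate newsletter may well use a third-party link domain, and the crude two-label domain logic should be replaced with a Public Suffix List lookup before use at scale.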

Related: Indicators of Phishing

Protect your organization’s emails

78 percent of email users understand the risks of hyperlinks in emails but still click them anyway and 97 percent are unable to recognize a sophisticated phishing email. A multi-layered security approach can improve your organization’s resilience against phishing and minimize any disruption that does occur from a successful attack.

Lume’s cybersecurity services feature a layered approach to protection and responsiveness: endpoint protection, DNS protection, and cybersecurity training. Pick and choose a standalone product or bundle it with other services to implement the most holistic cybersecurity solution. Contact us for more information.

Related: Beware of Phishing Scams

This blog was written by Lume Strategies Director of Professional Services Michael Hensley.