Phishing scams are a major threat to all email users, especially businesses. The scary part is that they’re becoming increasingly sophisticated. Phishing emails popped up sometime in the early 90s. However, back then, they weren’t too hard to detect. For instance, typos were commonplace in an old-school phishing mail, and that was a dead giveaway.
Of course, this was a long time ago, when email was still in its infancy. Times have changed and today’s cybercriminal has changed with the times. Their tactics have evolved and phishing emails are far more convincing than they used to be. They are well written and personalized. Hackers and cybercriminals already have a rough idea of who you are, and that means today’s phishing emails are targeted.
Today’s phishing emails also look authentic; they replicate legitimate emails in terms of design and aesthetic. In fact, at first glance, you wouldn’t know the difference between a real email from your bank and a fraudulent version. Needless to say, this makes fighting phishing scams a major challenge.
On the rise
According to data from the RSA, phishing attacks are only growing, and this is despite an increase in user awareness. One major reason for this growth is the simplicity of executing such scams. Malware developers now offer automated toolkits that scammers can use to create and host phishing pages with the utmost ease.
It is estimated that each phishing attack manages to extract an average of $4500 in stolen funds.
So, the big question is – how does one protect their email, especially at a time when phishing scams are evolving? Well, here is what the experts have to say.
Never trust just a name
A common tactic used by scammers is spoofing the display name in an email. According to a study done by ReturnPath, around 50% of 760,000 email threats targeting some of the world’s biggest businesses had made use of this tactic.
This is how it works – let’s say a scammer spoofs a brand name such as “Nike.” The email address of the sender may look something like “Nike firstname.lastname@example.org.” But, even if Nike doesn’t actually own the domain “customersupport.com,” DMARC and other email authenticity and anti-fraud tools will not to block the mail. This is because the email is legitimately from customersupport.com, even though this domain has nothing to do with Nike. There is no authentication for the “comment” that goes along with the email address (in this example, that is the word “Nike”).
Read the rest of this post »