Phishing scams are a major threat to all email users, especially businesses. The scary part is that they are becoming increasingly sophisticated. Phishing emails popped up sometime in the early 90s. However, back then, they weren’t too hard to detect. For instance, typos were commonplace in old-school phishing mail, which was a dead giveaway.
Of course, this was long ago, when email was still in its infancy. Times have changed, and today’s cybercriminal has changed with the times. Their tactics have evolved, and phishing emails are far more convincing than they used to be. They are well-written and personalized. Hackers and cybercriminals already have a rough idea of who you are, which means today’s phishing emails are targeted.
Today’s phishing emails also look authentic; they replicate the design and aesthetics of legitimate emails. In fact, at first glance, you wouldn’t know the difference between an actual email from your bank and a fraudulent version. This makes fighting phishing scams a significant challenge.
On the rise
According to data from the RSA, phishing attacks are only growing, despite an increase in user awareness. One primary reason for this growth is the simplicity of executing such scams. Malware developers now offer automated toolkits that scammers can use to create and host phishing pages with the utmost ease.
It is estimated that each phishing attack manages to extract an average of $4500 in stolen funds.
So, the big question is – how does one protect their email, especially when phishing scams are evolving? Well, here is what the experts have to say.
Never trust just a name
A common tactic scammers use is spoofing the display name in an email. According to a study done by ReturnPath, around 50% of 760,000 email threats targeting some of the world’s biggest businesses used this tactic.
This is how it works – let’s say a scammer spoofs a brand name such as “Nike.” The sender’s email address may look something like “Nike firstname.lastname@example.org.” Even if Nike doesn’t own the domain “customersupport.com,” DMARC and other email authenticity and anti-fraud tools will not block the mail. This is because the email is legitimately from customersupport.com, even though this domain has nothing to do with Nike. There is no authentication for the “comment” that goes along with the email address, that is, the display name (in this example, the word “Nike”).
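Because the display name is never authenticated, a mail filter has to compare it against the sending domain itself. The following check is an added example, not part of the original post: the brand-to-domain table, the function names and the sample headers are constructed for illustration, using the "Nike" and customersupport.com case described above.

```python
from email.utils import parseaddr

# Assumed mapping of brand names to the domains each brand really sends from
# (constructed for this example; maintain your own list).
BRAND_DOMAINS = {
    "nike": {"nike.com"},
    "paypal": {"paypal.com"},
}

def domain_matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from_header(from_header):
    """Return (verdict, detail) for one From: header value.

    verdict is "ok", "display-name-spoof" or "unparseable".
    """
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable", from_header
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    name = display.casefold()
    for brand, allowed in BRAND_DOMAINS.items():
        # The display name claims a brand, but the address is on another domain.
        if brand in name and not domain_matches(domain, allowed):
            return "display-name-spoof", f"{brand!r} claimed by {domain}"
    return "ok", domain

# Constructed sample headers (local parts and the last three domains are made up).
SAMPLES = [
    "Nike <offers@customersupport.com>",
    '"Nike Store" <news@email.nike.com>',
    "Alice Example <alice@example.org>",
    '"PayPal Security" <alert@paypal.com.account-check.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_from_header(header), header)
```

Substring matching on the display name is deliberately simple; display names sent as RFC 2047 encoded words would need decoding before this comparison.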