Have you received an email for an urgent money transfer from a friend who’s stranded in some other country? Or an email from your boss to contact him/her urgently? Or an email to click a link to update your information for receiving tax credit? Do these emails sound familiar? These are called phishing emails. The goal of the sender is to have the receiver click on a link to enter personal information or open an attachment that has malware. Once you enter your personal information, it can be misused by the sender.
Phishing emails are on the rise now for several reasons. One reason is that it’s the tax season and it was extended. People expect to receive emails about tax returns or tax forms. The subject of the email can be ‘Your 1099 forms’, ‘W2 forms’, ‘Tax credit’ etc., with attachments that may contain malware. The email may contain links to websites to update your information for receiving 1099, or W2. People tend to open email attachments and click on the links.
Another reason for the surge in phishing emails is the current COVID-19 crisis. Due to the current stay-at-home order in various states in the USA, people are working from home. Phishing is very effective now when people are working remotely, and are distracted. Communications are not very effective when people are not in direct contact.
Cybercriminals are very much aware of this and taking advantage of the situation. They use subject lines that contain COVID-19 and related words to make it look credible and relevant like ”New COVID-19 Treatment”, “Instructions from US Department of Health attached”, “Company’s response to COVID-19 crisis” etc. It’s challenging to validate who is the sender of the email. In the office environment, you can walk to the person and validate it. People may not go the extra mile to validate the email content.
Phishing can happen through phone calls as well. For example, you get a call from someone claiming to be from your bank and asking you to verify your Social Security Number, account numbers, etc. It is too late for you to realize that it was a fake call and some money has already been transferred to some unknown person in some other country from your account. This is called Voice Phishing or vishing.How can you protect yourself, your colleagues, your family, and friends from being a victim of the attack?
Awareness and prompt action can help. Here are some tips to keep you safe and alert from phishing attacks:
Check the sender
One of the top techniques used by hackers is to create an email with a familiar name. Ask yourself:
Check the domain
Look for the fake addresses or manipulated domain. Check for the spelling of the domain like firstname.lastname@example.org
Notice the order of ‘i’ and ‘a’ in “domian”? This is a common trick used by cybercriminals.
Review Email Content
Odd spacings, strange grammar and misspelled words in the body of the email are dead giveaways of a fake email. Interestingly enough, poor grammar is used on purpose to filter out the more cautious prey. Additionally, urgency or other unusual ‘call to action’ requires further investigation. A good example is “review attached document ASAP”, or “click the link to update information”.
Does the email contain an attachment? Be very careful, attachments may contain viruses including ransomware which is malicious software that can block access to a computer until a sum of money is paid online. Never open attachments unless you are absolutely sure they are coming from a validated sender.
If you get a suspicious email with a link to click, look for the underlying URL. Ask yourself:
Verify with the sender
If you believe you have received a fake email. Contact the original sender by calling or texting to confirm. Notify your Security team or Company’s leadership and be sure you indicate you have received a suspicious email.
In brief, there are a lot of opportunities for criminals to launch successful phishing attacks on people who are remote and do not have face to face contact with their colleagues. Phishing attacks are at an all-time high. The onus is on us to be extra careful and protect ourselves from these attacks.