PHISHING ATTACKS: 9 BAD HABITS MALICIOUS EMAILS LOVE Proactive IT Solutions www.netrixIT.com


A business professional without an overactive, overflowing, and entirely overwhelming inbox is like a peanut butter and jelly sandwich without the peanut butter. No one wants that. Email is a necessary and vital component of any business, and without it, many things simply wouldn’t happen.

This being said, email isn’t exactly the friendliest technology on the block. At first, you see nothing but the beautiful, well-lit path of communication before you. It isn’t until later that you start to notice all those dark alleyways. Will you be curious and venture down one someday? Probably. Will you be exposed to things like malware and data loss as a consequence? You betchya.

Typically, these dark alleyways are the direct result of phishing attacks. PhishLabs describes these attacks as “hacking the human,” and that’s exactly what it is. Phishing is a malicious email created to hack the human brain and dupe a professional (or nonprofessional) into dropping standard security protocols and procedures. In most cases, the “hacker” wants the “hackee” to send over private information, click on a corrupt link, or download a malware-infested document.

In 2016, the digital realm was home to 1.2 million of these brain-hacking phishing attacks - a 65% increase from 2015. And 91% of these attacks targeted five industries in particular - financial institutions, cloud storage & file hosting services, webmail & online services, payment services, and ecommerce companies. So… sorry to break it to you… but anyone, anywhere, at any point is a target. However, certain humans can be more susceptible to these attacks than others, and this is because they’re pretty good friends with habits that love to take long, romantic walks down dark, desolate alleyways. Unfortunate, but true.

Here are just a few of the habits malicious emails love to exploit.


YOU BARELY NOTICE THE SENDER. All emails come from a “trusted” source… that is, until you realize they don’t. But the key is realizing this before you take any action inside an email. As an example, a phishing email could claim to originate from Netrix IT; however, if you take a look at the email address, it reads [email protected]. That address is not the same as [email protected]. While the addresses aren’t off by a lot, they are off by enough. And enough is all it takes for an attack to go down successfully.

YOU’RE CLICKER HAPPY. All links are not created equal. So if you spot one inside an email from an unknown source, try your very best to avoid clicking it. You can hover over the link and see where it plans to redirect you to; but in some cases, you still can’t fully trust it. In these instances, go directly to the source without using anything inside the email to get you there. Or, trash the email and forget it ever existed.
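The sender check and the hover-over-the-link check from the two habits above can also be done in software. This is an added example, not part of the original guide: it flags a From domain that is close to, but not the same as, a trusted one, and links whose visible text names a different host than the one they open. The `TRUSTED` list, the 0.85 similarity cutoff, the single-part HTML body and the sample message are all assumptions made for the illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"example.com"}  # assumption: domains you really do business with

def classify(domain):
    """'trusted', 'lookalike' (near a trusted domain but not equal) or 'unknown'."""
    if domain.lower() in TRUSTED:
        return "trusted"
    near = difflib.get_close_matches(domain.lower(), TRUSTED, n=1, cutoff=0.85)
    return "lookalike" if near else "unknown"

class Links(HTMLParser):  # collects (visible text, href) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._text.strip(), self._href))
            self._href = None

def review(raw):
    """Findings for the From address and for links whose text hides the real target."""
    msg = message_from_string(raw)  # assumption: single-part HTML message
    addr = parseaddr(msg.get("From", ""))[1]
    verdict = classify(addr.rpartition("@")[2])
    findings = [] if verdict == "trusted" else [f"sender {addr} is {verdict}"]
    parser = Links()
    parser.feed(msg.get_payload())
    for text, href in parser.links:
        real = urlparse(href).hostname or ""
        shown = urlparse(text if "://" in text else "//" + text).hostname or ""
        if "." in shown and shown != real:
            findings.append(f"link shows {shown} but opens {real}")
    return findings

# Constructed sample message (not a real email); examp1e.com imitates example.com.
SAMPLE = ('From: "Example Billing" <billing@examp1e.com>\n'
          "Content-Type: text/html\n\n"
          '<p>Pay at <a href="http://examp1e.com/pay">https://example.com/pay</a></p>\n')
print(review(SAMPLE))
```

A similarity score only catches near-miss spellings, so a clean result here is not proof that an email is legitimate.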

YOU FORGIVE GRAMMATICAL MISTAKES. Yes, people misspell words all the time; they forget to add periods, and they leave out commas. However, if you receive an email from a large company or well-known brand, this should not be the case. Emails from reputable sources are edited multiple times by multiple people. Typically, this should leave you with an error-free email. So if you do happen to spot an error, don’t be so quick to forgive it. Feel free to hold it against that company, and delete the email immediately.


YOU DON’T OVERANALYZE ANYTHING. Sure, overanalyzing personal situations could land you in some pretty awkward situations. But when it comes to emails, you should always overanalyze every last piece of it. From the timing and the call-to-action to the sender and the choice of words, it’s important to be overly critical of it all. For instance, say you send payments to a certain vendor every Thursday afternoon as requested, but for some reason, this vendor is now asking for a payment to be made on a Tuesday morning. The timing is off, but why? Instances like these need to be considered carefully. If emails run outside standard protocols, procedures, and routines, you need to figure out the reason behind it.

YOU’RE A PROFESSIONAL DOWNLOADER. When it comes to downloading documents within an email, do so with caution. Download the wrong item and severe damage could pull up a seat next to you. You don’t want that. As it is with corrupt links inside a phishing email, you should never download something from an unknown source. However, if the download does come from a known and trusted source, then you’ll need to ensure that everything lines up appropriately (which can be tricky). In other words, does it make sense that this specific person is sending you this particular document for whatever reason given?

YOU RESPOND TO ANYONE, ABOUT ANYTHING. At the end of the day, email is email is email. What you put inside an email might be seen by a handful of people you never thought would see it. This being said, don’t hand over information to someone simply because they ask for it. Take your time, analyze the “why” behind the request, and consider your options. If it’s something like a social security number, credit card number, or password, find another way to complete the request. You could always go directly to the source and handle business outside the email.


YOU IGNORE THE SUBJECT LINE. The subject line could be an indicator of a phishing attack. This is because cyber criminals love to sprinkle a little fear over everything. Typically, this involves language such as urgent, requires immediate attention, or must read now. While subject lines aren’t the end-all-be-all of determining the legitimacy of an email, evaluating the language and tone can help you come to a better decision.

YOU’RE OKAY WITH THINGS BEING GENERIC. If you receive an email from a company you currently do business with, they should know your name. So if the email fails to address you by name and instead says something like “Dear Customer,” remain suspicious of it. Then, if it goes a step further and asks you for something (like login credentials, credit card information, or personal details), be very suspicious of it.

YOU TAKE THE SUBJECT LINE TOO SERIOUSLY. On the flip side of things, you could do the opposite of ignoring the subject line and take it way too seriously. The subject line says to take immediate action, so, by golly, you take immediate action. However, this is exactly what the email wants you to do - for you to accept the scare tactic with open arms and blindly take action. Clearly, this would be a mistake. Don’t ignore the subject line, but then again, don’t take it too seriously either.


1285 Corporate Center Drive, Suite 190, Eagan, MN 5121

[email protected]

4733 Amber Valley Parkway, Suite 104, Fargo, ND 58104

[email protected]

www.netrixit.com

AT NETRIX IT, WE PROVIDE NETWORK SECURITY SERVICES TO BUSINESSES OF ALL SHAPES AND SIZES. We help these companies avoid malicious attacks like phishing, and we help them understand cyber security best practices. If you’d like to learn more about our services or if you simply want to know more about the ins and outs of cyber security, then give us a call today. You can also send us a message or visit our site.