The increasing danger of successful phishing emails should not be understated. Individuals and businesses are frequently targeted by cybercriminals who are looking to steal information. Phishing is the act of sending fraudulent emails to unsuspecting employees and individuals.
Phishing continues to be an effective way for cybercriminals to get access to valuable personal information, login details and credit cards, and to infect devices with dangerous malware.
According to Imperva, the recipient of a phishing email is tricked into clicking a malicious link, which can lead to the installation of malware, ransomware, or the revealing of sensitive information. In some cases, the malicious files are embedded in an attachment or reached through a link to an attachment.
Individuals are directly or indirectly impacted when they lose private, personal information or access to their devices, and when they lose funds through unauthorized purchases made with their credit cards.
Businesses are also heavily impacted when phishing is used to gain a foothold in the organisation by sneaking past the company’s defences. A single device infection has the potential to spread through the network, leaving a path of destruction.
Phishing attack examples
A common phishing email carries some form of urgency and an appearance of authority or trust. We often see the following kinds of phishing email:
- An email from Inland Revenue detailing a much-welcome tax refund.
- An email from your bank warning you about fraudulent emails and asking you to log in via a dangerous link sent within the phishing email.
- An email from a courier company detailing tracking information, delivery schedules, or missed delivery notices.
What happens when I click on a phishing link?
Several things can happen depending on what the cybercriminals are after.
Some links direct you to a webpage that’s been paired with the phishing email to give the attack an air of authenticity. In the last example, the courier phishing email can direct you to a completely fake website that carries the courier company’s branding. A common objective of these fake websites is to steal your personal information, login credentials, and/or your credit card information.
Some links direct you to a page with a malicious script running in the background that activates when you interact with the fake website. These scripts are designed to gain a foothold on your device and, from there, in the business.
What if the phishing email includes an attachment or link to an attachment?
Treat unsolicited emails, especially those containing attachments, with care. Phishing email attachments may contain malware and you should always think twice before clicking links or opening attachments – even from people you know.
Is phishing always directed to victims via email?
No. Phishing comes in many forms, and cybercriminals can also use SMS messages and social media posts to launch an attack. SMS phishing is called “Smishing”; an example is a TXT that seems to be from a potential victim’s bank.
Top tips to avoid the dangers of phishing emails
- Check the sender’s email address first and make sure the name AND email match someone from an organisation you trust.
- Look for common spelling mistakes and grammatical errors in the email.
- Look for other signs that create an overwhelming sense of urgency and fear to get you to respond quickly.
- Never follow links in an email if it’s not from a trusted source. Always hover over the link to check where it leads, and if you are unsure, type the address into your browser’s address bar directly. Make sure that the link directs you to the organisation’s actual website.
- Never provide your personal details or any other information if you think that an email may be suspicious.
- If you have fallen victim to a phishing attack, report it to CERT NZ right away. CERT NZ can help mitigate the risks and help you understand the danger of phishing emails.
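Two of the tips above, checking that the sender's name and email address match and checking where a link really goes, can also be automated by a mail filter. The Python sketch below is an added example, not part of the original article: the `TRUSTED` table, the sample message and every domain in it are constructed for illustration, and `check_email` is a hypothetical helper name.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: organisations the reader trusts, mapped to their real domains (constructed).
TRUSTED = {"example bank": "examplebank.example", "example courier": "examplecourier.example"}
SAMPLE = (  # constructed sample message, not a real phishing email
    'From: "Example Bank" <security@examplebank-alerts.example>\n'
    'Content-Type: text/html; charset="utf-8"\n\n'
    '<p>Log in: <a href="http://login.not-the-bank.example/">https://www.examplebank.example</a></p>\n'
)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def hostname(value):  # host part of a URL or bare domain, None if there is none
    try:
        return urlparse(value if "://" in value else "//" + value).hostname
    except ValueError:  # malformed text such as "[here"
        return None

def check_email(raw):  # returns a list of human-readable warnings
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    sender_host, expected = addr.rpartition("@")[2].lower(), TRUSTED.get(name.strip().lower())
    findings = []
    if expected and not (sender_host == expected or sender_host.endswith("." + expected)):
        findings.append(f"sender name {name!r} uses domain {sender_host!r}, expected {expected!r}")
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        shown, actual = hostname(text), hostname(href)
        if shown and "." in shown and shown != actual:  # link text looks like a domain
            findings.append(f"link shows {shown!r} but goes to {actual!r}")
    return findings
```

Running `check_email(SAMPLE)` returns two warnings, one for the sender mismatch and one for the link whose visible text and real destination differ. A message with no findings is not proof that it is safe, because the check only covers display names listed in `TRUSTED`.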