How to identify phishing emails

The Covid-19 pandemic has led many employees adapting to work remotely from their homes or through a hybrid approach. Because of that, there is a growing threat around phishing emails. On top of that, the current Russian-Ukrainian crisis has even further heightened the cyber threat level of associated activities.

More and more hackers saw this unprecedented situation as an opportunity in order to take advantage and to hack organizations. Employees, due to their inherent trusting nature, can also be a great security threat of an organization. It is far easier to hack a human rather than attacking sophisticated system-based controls that may be in place.

The number of Phishing emails has increased by approximately 400% globally over the past 18 months with employees remaining a prime target, predominantly by being tricked into clicking a link, opening a malicious attachment, providing personal or commercial data or unknowingly sending payments to a fraudulent recipient.

Below there are some useful hints and tips to have in mind when receiving a suspicious email:

• Always assess the context of an email, do you know the sender and were you expecting an email from them or is it completely out of the blue or making an unusual request?
• If your organization utilizes spam filter warnings within the email subject or use warning banners to advise that an email has been sent externally to your organization, be suspicious if the email is portraying to be from a work colleague internally but is marked as external.
• Is the sender hassling you to do something or to take an action? Never feel rushed into taking an action, it’s a common tactic to hurry you into making a mistake.
• Is there an incentive to open an attachment? For example, something nice if you comply such as a gift voucher or something nasty if you don’t i.e., a fake speeding ticket or fake legal summons using fear in the hope to convince you to click a link or open an attachment.
• Does the domain name/email address look correct? Hover your mouse over the email address or right mouse click to check the email properties. Does the spelling of the email address look correct or have letters been replaced to fake a domain name such as use of ‘rn’ to look like an ‘m’?
• Is the email addressed to you personally or is it just generic i.e. Dear Sir or Madam? Does its structure look genuine? Many Phishing emails are not personalized, is something just not right? Trust your instinct and report/always ask for help if unsure.
• An email contains a request for money/change of bank details held on file or to provide personal details. Please be wary of unexpected requests.
• Remember genuine email accounts can also be hacked. Please be wary of the content of an email if the style of a message from a contact that you know suddenly changes i.e., the way they address you or their grammar/use of language changes or they ask you something odd and unexpected such as clicking a link or opening a strange and unexpected attachment.
• If unsure of the legitimacy of an email portraying to be from a contact, verify its authenticity by contacting them directly via independently verified contact details not from the details displayed within the email just received! Pick up the phone and verify.

Recently, Hapag-Lloyd informed that its IT security team has found a copy of its website on the web, which is very likely to be used for a spear phishing attack.
This means that e-mails are used to redirect users to this site and when they log in with their personal access data, which are then tapped by criminals.

This kind of fake websites are usually a one-to-one copy of the real pages and can therefore usually only be recognized as malicious pages via the domain or Internet address.

EXPLORE MORE AT NORTH CLUB GUIDANCE