Have you received an email for an urgent money transfer from a friend who's stranded in some other country? Or an email from your boss to contact him/her urgently? Or an email to click a link to update your information for receiving tax credit? Do these emails sound familiar? These are called phishing emails. The goal of the sender is to have the receiver click on a link to enter personal information or open an attachment that has malware. Once you enter your personal information, it can be misused by the sender.
Phishing emails are on the rise now for several reasons. One reason is that it's the tax season and it was extended. People expect to receive emails about tax returns or tax forms. The subject of the email can be 'Your 1099 forms', 'W2 forms', 'Tax credit,' etc., with attachments that may contain malware. The email may contain links to websites to update your information for receiving 1099s or W2s. People tend to open email attachments and click on the links.
Another reason for the surge in phishing emails is the current COVID-19 crisis. Due to the current stay-at-home orders in various states in the USA, people are working from home. Phishing is very effective now, when people are working remotely and are distracted. Communications are not very effective when people are not in direct contact.
Cybercriminals are very much aware of this and are taking advantage of the situation. They use subject lines that contain COVID-19 and related words to make the emails look credible and relevant, like "New COVID-19 Treatment," "Instructions from US Department of Health attached," "Company's response to COVID-19 crisis," etc. It's challenging to validate who the sender of the email is. In the office environment, you can walk over to the person and validate it. When working remotely, people may not go the extra mile to validate the email content.
Phishing can happen through phone calls as well. For example, you get a call from someone claiming to be from your bank and asking you to verify your Social Security Number, account numbers, etc. By the time you realize that it was a fake call, it is too late: some money has already been transferred from your account to some unknown person in some other country. This is called Voice Phishing or vishing.
How can you protect yourself, your colleagues, your family, and friends from being a victim of the attack? Awareness and prompt action can help. Here are some tips to keep you safe from, and alert to, phishing attacks:
Check the sender
One of the top techniques used by hackers is to create an email with a familiar name. Ask yourself:
- Do you recognize the sender's name?
- Does the name match the email address?
- Are there unusual initials, spaces, or misspellings in the person's name?
Check the domain
Look for fake addresses or manipulated domains. Check the spelling of the domain, like [email protected]
Notice the order of 'i' and 'a' in "domian"? This is a common trick used by cybercriminals.
Review Email Content
Odd spacing, strange grammar and misspelled words in the body of the email are dead giveaways of a fake email. Additionally, urgency or any other unusual "call to action" requires further investigation. Good examples are "review attached document ASAP" or "click the link to update information."
Interestingly enough, the poor grammar is used on purpose to filter out the more cautious prey.
Does the email contain an attachment? Be very careful: attachments may contain viruses, including ransomware, which is malicious software that can block access to a computer until a sum of money is paid online. Never open attachments unless you are absolutely sure they are coming from a validated sender.
If you get a suspicious email with a link to click, look for the underlying URL. Ask yourself:
- Does it look correct?
- Does it look like an expected URL but not exactly? Remember the reversed letters in "[email protected]"?
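The domain and link checks described above can be automated. The following is an added example, not part of the original article: it flags a sender domain that is a near-miss of a trusted one (such as the swapped letters in "domian") and links whose visible text names a different host than the underlying URL. The trusted-domain list and the domain.example names are assumptions made up for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"domain.example"}  # assumed allow-list for illustration

def osa_distance(a, b):
    """Edit distance that also counts a swap of two adjacent letters as 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[-1][-1]

def check_sender(from_header):
    """Classify the From domain as trusted, a lookalike, or unknown."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for good in sorted(TRUSTED_DOMAINS):
        if 0 < osa_distance(domain, good) <= 2:
            return f"lookalike of {good}"
    return "unknown"

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def mismatched_links(html):
    """Return (shown_host, real_host) for links whose text hides the target."""
    findings = []
    for href, text in LINK_RE.findall(html):
        shown = re.search(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", text, re.I)
        real = (urlparse(href).hostname or "").lower()
        if shown and shown.group(1).lower() != real:
            findings.append((shown.group(1).lower(), real))
    return findings

# Constructed sample message body: the visible text and the real target differ.
SAMPLE_HTML = ('<p>Update your details: <a href="http://domian.example/update">'
               'https://domain.example/update</a> or <a href="https://domain.example/help">'
               'click here</a></p>')
```

A "lookalike" result or any entry from mismatched_links is a reason to verify with the sender before acting on the email.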
Verify with the sender
If you believe you have received a fake email, contact the original sender by calling or texting to confirm. Notify your security team or your company's leadership, and be sure to indicate that you have received a suspicious email.
In brief, there are a lot of opportunities for criminals to launch successful phishing attacks on people who are remote and do not have face-to-face contact with their colleagues. Phishing attacks are at an all-time high. The onus is on us to be extra careful and protect ourselves from these attacks.
About the Authors:
Gene Libov is the Founder of Planet 9 Security, a security consulting company.
Niharika Srivastav is a Regional Network Director at WITI. She has moderated sessions on Cybersecurity at WITI Annual summit and regional events.