Phishing is when hackers send emails to you posing as someone else to try and get you to click on a malicious link or attachment. As we have shown you before these spoofed emails can usually be easily spotted if you look at the full ‘From’ address. In most cases, unless the hacker has breached a trusted account, the email address will be an unknown account and only the display name will be modified to try to trick you. You can see what this looks like below.
Advanced Phishing Attacks
We are now seeing an increase in the next level of phishing where the hacker can create a ‘From’ address that looks 100% legit without having to hack the account of the company they are impersonating. You would have no way of identifying it as a fake email unless you examined the delivery information (which, unless you have an IT background, you will have no idea how to). An example of this more advanced threat is below:
Determining Real from Fake
As you can see this phishing email looks like it came from Chase Bank. The display name and email address check out. The only way an average user could see that this is a phishing attack is to hover their mouse over the ‘Download’ link in Outlook, without clicking, to see where it really goes it (Hint: it’s not Chase Bank). You will also see that the account numbers and other details do not match your real information.
As we have said many times. Employee security education is a key tool in protecting you and your business. If you would like to speak to Wireguided about our security training, both onsite and via webinar, please Contact Us.