An attempted fraud realized by sending e-mails with seemingly legitimate content.
These e-mails are intended to capture the attention of the potential victim, leading him/her to click on links or open any attachment. This phenomenon allows malicious individuals to acquire sensitive information, such as credentials to access corporate mail systems, bank accounts and applications, or credit card details.
If the fraudulent e-mail contains an apparently legitimate attachment, this could have a ransomware inside, able to infect the devices and make the company data inaccessible. After having stolen the data, the hacker asks for ransom to restore them and the techniques used to lure victims are part of Social Engineering, designed to target “human vulnerabilities” such as:
- Curiosities: fake news about celebrities or really unusual facts.
- Fear: compromised PC.
- Emotion: petitions.
- Situations: Christmas sales or other holidays.
- Hurry: due payments.
- Reward: easy winnings.
Header and Footer
SENDER
Reading the sender’s email address is not an action to be taken lightly, as the attackers, in order to deceive the most hasty and careless users, use a type of cyber fraud called Typosquatting: it consists in the registration of domains with names which are very similar to the originals, and here are some of the most famous examples:
- Yotube.com
- Yutube.com
- Facebok.com
- Goggle.com
SUBJECT
Verifying that the subject of the email is consistent with the content of the request is very important. Unusual objects or phrases, such as “urgent” and “attention”, must be a wake-up call.
SALUTATION
Generic salutation formulas as “hello”, “kind customer”, “kind user”, should make us suspect that the email is addressed to an indistinct mass of people.
LOGO AND SIGNATURE
In any communication, each company email presents an official logo at the bottom, along with the sender’s signature. In case the logo is not present, or the leave formula is abnormal, we must immediately question its authenticity. If the logo is at the bottom, in case of suspicious email, it is important to check if it shows defects or differences from the original one.
BODY OF THE E-MAIL
BODY
The body of the e-mail may have several typos. The wording used can be unreadable and sometimes may have a strange translation of terms in other languages.
Hyperlinks
Another recommendation is never trust links with suspicious sender or content. A good habit to make a quick check on the authenticity of a link, is to point the cursor over it without clicking and observe the pop-up that appears at the bottom left of the page. The link that appears in the pop-up is the address to which you will be redirected. If the domain does not match that of the sender, it is probably a malicious link.
ATTACHMENTS
A careful attention should also be paid to the annexes we receive. Before downloading and opening a document, it is good to ask ourselves first why we received this document and if we expected it. Let’s ask ourselves some simple questions:
- Is the text of the email written in correct English, or does it present errors?
- Does the company which sent to me this document really exist?
- Does the email address domain match the real one?
TO SUM UP: PHISHING
The sender’s e-mail address is a useful element to verify the reliability, and the domain allows us to understand who is the real company that is contacting us.
The first thing is:
- Is it from a colleague?
- Is it related to my work?
- Is the domain of the e-mail address relevant to the content of the message?
If you are asked to do an action such as opening an attachment, clicking on a link to change or enter credentials, always ask yourself:
- Why would I do that?
- Does that make any sense?
The attachments may contain and convey malicious viruses in the company network such as ransomware, with the aim of making the data in your PC inaccessible and ask for a ransom to restore them; at this point, ask yourself:
- Why did I receive this document?
- Did I expect it?
- Does the attachment have a secure format?