Cybersecurity Awareness | Phishing
In October 2004 the U.S. Department of Homeland Security and the National Cybersecurity Alliance launched Cybersecurity Awareness Month in an effort to raise awareness and help individuals protect themselves. Since 2012 this idea has been adopted by ENISA (European Union Agency for Cybersecurity) with an annual campaign dedicated to promoting cybersecurity among EU citizens and organizations through awareness-raising activities and the sharing of good practices.
In 2022 the theme is “Think Before U Click!” #ThinkB4UClick, which addresses two of the most common threats, namely phishing and ransomware.
In this blog we will dive into the threat called phishing: what it is, how to recognize a phishing attack, how to prevent it, what to do when you receive a phishing email, and why it is important to create awareness within your organization.
What is phishing?
Phishing is a social engineering method where the attacker’s goal is to trick a person into revealing personal and/or sensitive information, such as credentials, PINs, phone numbers, financial information or any other information that could be used to perform the next step in the attack chain, like gaining access to systems.
One of the most commonly used methods is email phishing. With this method the attacker sends an email to a person or organization that usually asks the receiver to log in to a website that looks familiar but is in fact fraudulent.
How to recognize email phishing?
Email phishing attacks are evolving and becoming harder to recognize. Still, there are some ‘red flags’ that can help you recognize a phishing email, or at least raise suspicion when you receive one.
A brief list of ‘red flags’ when it comes to recognizing a phishing email:
- Request to log in
The email contains a link to a website where you need to log in
- Poor grammar
Although not always the case, a phishing email containing poor grammar and spelling errors should at least raise suspicion
- Sense of urgency
The message contains some urgency. “You have limited time to click on the link”
- Message is addressed to a generic recipient
Phishing emails are often addressed to a generic recipient. “Dear sir/madam”
- From name and address do not match
The ‘from’ name does not match the address that is used in the email
- Subject unclear
The subject of the message is unclear. What is the purpose of the message you received?
- Contact information missing
The contact information you could use to verify the purpose of the message is missing
[Image: a suspicious email containing some of the red flags mentioned above]
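As an added illustration (not part of the original post), the following Python script runs the red-flag checklist above as simple heuristics over a constructed sample email. The keyword lists, the URL pattern and the "fewer than two words" subject threshold are assumptions made for this example, not a production filter.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample (not from the original post) that shows several red flags at once.
SAMPLE = """\
From: "IT Helpdesk" <alerts@mail-secure-login.example>
To: user@example.org
Subject: Action
Content-Type: text/plain

Dear sir/madam,

Your mailbox will be deactivated within 24 hours. You have limited time
to verify your account: http://example-login-portal.example/login
"""

URGENCY = ("limited time", "within 24 hours", "immediately", "deactivated")
GENERIC = ("dear sir", "dear madam", "dear customer", "dear user")
CONTACT = (r"\+?\d[\d\s().-]{7,}\d", r"\bcontact us\b", r"\bphone\b")  # phone/contact hints

def red_flags(raw: str) -> list[str]:
    """Return the checklist items (as short labels) that the message trips."""
    msg = email.message_from_string(raw, policy=policy.default)
    low = msg.get_body(preferencelist=("plain",)).get_content().lower()
    flags = []
    # Request to log in: a link whose URL mentions login/signin/verify
    if re.search(r"https?://\S*(login|signin|verify)", low):
        flags.append("request_to_login")
    # Urgency wording
    if any(u in low for u in URGENCY):
        flags.append("urgency")
    # Generic recipient
    if any(g in low for g in GENERIC):
        flags.append("generic_recipient")
    # From name vs address: display name shares no word with the sender domain (heuristic)
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rsplit("@", 1)[-1].lower()
    words = [w.lower() for w in name.split() if len(w) > 2]
    if words and not any(w in domain for w in words):
        flags.append("from_name_address_mismatch")
    # Unclear subject: fewer than two words
    if len(str(msg["Subject"] or "").split()) < 2:
        flags.append("unclear_subject")
    # Contact information missing: no phone number or contact phrase in the body
    if not any(re.search(p, low) for p in CONTACT):
        flags.append("contact_information_missing")
    return flags
```

Running `red_flags(SAMPLE)` reports all six checklist items for the constructed message, while a plain newsletter addressed by name with a contact phone number trips none of them.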
Preventing phishing within your organization
Implementing proper technology that automates detection and prevents the delivery of suspicious emails to your users is the first (and necessary) step. Equally important is to keep your organization informed and ‘up-to-date’ through education and awareness on this subject. When an automated process fails to recognize a malicious email, the receiver is the next in the ‘line of defense’ and should be able to recognize it based on the red flags. This can only be achieved through awareness and training.
What to do when receiving a suspicious message
When you are suspicious about a message you received, or have identified one as phishing, and it has any attachments, it is important not to open them. An attachment may contain harmful software (known as malware) that could give the attacker access or even harm your system.
A general rule to confirm whether the sender intended to send you the message is simply to contact the sender (if possible) and verify it. If contact information is missing, that should be a red flag, and you should not take any action requested in the message.
If you are still not reassured after the previous step, you should always report the message as phishing in your mail client. This information is used by automated detection processes to prevent the message from spreading further through the organization.
In case you (accidentally) opened the attachment or followed the instructions in the mail, you should report this to your security department, which should take the proper actions to prevent it from spreading further within the organization.
In most cases a phishing attack is executed against several users within an organization. Therefore it is important to inform others within your organization about a (possible) phishing attack, and it is recommended to use the internal communication channel for this.
To summarize, the actions you should (or should not) take as a user when a suspicious message reaches you:
- Do not open any attachments
An attachment may contain harmful software (known as malware) that could provide access to the attacker or even harm your system.
- Contact the sender
If possible, contact the sender in a separate message to verify that they did send the message and to ask about its purpose
- Report it as phishing
Most mail clients offer functionality to report phishing. This helps (automated) systems recognize phishing attacks and prevents them from spreading further within an organization.
- Inform others
Use internal communication channels to inform others about a (possible) attack
Why it is important to create awareness
Phishing and other attacks have increased, especially during the Covid period. Educating your employees and increasing awareness across your entire organization has become essential, since employees are ‘the first line of defense’ when an automated process fails. Recognizing malicious attacks and taking proper action to prevent an attacker from gaining access to sensitive data increases the security maturity of your organization.
Every organization should be aware of a (possible) attack and ready to act if one occurs: set up processes, test them, use the proper security tooling to mitigate and/or prevent attacks, and create cybersecurity awareness through training and attack simulations. And of course, #ThinkB4UClick