Embedded Files
Phishing and Spear-Phishing emails
Phishing and Spear-Phishing emails
Phishing/Spear Phishing emails are the most common cause of users and companies being hacked.
“Phishing” is where a victim is tricked into downloading malware, ransomware or providing sensitive information to hackers. Hackers often perform phishing attacks via email, telephone or SMS messages.
A phishing email is a generic email sent to thousands of users at once in the hope that at least one target will fall victim. Think of someone casting a big net into the ocean to catch fish.
A “Spear phishing” email is specifically targeted at an individual and is often personalised to increase the chance of the target falling victim. Think of someone chasing a fish with a spear gun
Examples of Phishing emails
Hackers almost always “spoof” their identity when sending phishing or spam emails to make it look like their email is coming from a trusted or legitimate party. Common examples include spoofing the email address of your friends and co-workers, Apple and PayPal.
Hackers also try and use threats and tactics to invoke a sense of fear, urgency or curiosity.
Examples are shown below:
Example 1
Phishing email example 1
In this example, the hacker is trying to invoke curiosity. The hacker is relying on the user being curious to see what this “unknown activity” is and opening the attached file. In this example, the file is a malicious Word document.
Example 2
In this example, the hacker is trying to invoke fear and urgency. The hacker is relying on the user to believe that they will be subject to humiliation if they do not pay a ransom.
The hacker also shows the user they know one of their passwords in order to show they’re serious – this is a trick to get you to believe them and pay the ransom. The password they mention is often from a list of passwords that have already been leaked in a previous data breach.
Example 3
In this example, the hacker is trying to invoke fear and urgency. The hacker is relying on the user to believe that they have done something wrong with their PayPal account, and that they need to clear their name by clicking on a malicious link.
When checking your emails, always stop and think
Do I know the sender?
Am I expecting an email like this from the sender?
Does my recent activity warrant an email like this?
Email “preview” mode
Most email clients allow you to “Preview” an attachment you might receive in an email. Don’t be fooled – this is exactly the same as if you were to save and open it. If the attachment has malicious code, it will still run.
Never open a file in “preview mode” unless you are expecting to receive it and can verify the sender’s identity.
Page updated
Google Sites
Report abuse