We’re seeing an increase in Phishing spam emails of late. For reasons outlined below, this type of message can be very difficult to automatically detect as spam so the best measures at this stage is education and vigilance for team members to avoid clicking on any links, supplying any info or responding to the request.
The type of phishing email we are talking about today could look a little something like this:
—————
From: [Actual Business Owner’s Name Here] <some-generic-email-address-here@gmail.com>
To: [Actual team member email accounts]
Subject: REQUEST
Hi [Actual team member names],
Have you got a minute? I need you to complete a task for me discreetly.
P.S. I can’t talk right now, so just reply.
Sent from 4G wireless phone
—————
The reasons why this is hard to detect as spam can be:
- The owner/team member names and contact details are publicly available on the Internet, so no foul play in obtaining them
- The email address is a genuine email account, it is not posing or trying fake being an account that it isn’t
- The message body is genuine, not promoting anything or seemingly linking to anything dodgy and can sometimes actually contain team member’s names
- The only indicator that this is non-genuine is the FROM address.
In these cases, an attacker has obtained business details from the company website or business directories etc, they have then created a genuine generic email address and used the company owner’s name when setting it up. They have then used other team member details to send a targeted email request in the hope someone takes the bait. And often they do!
In the above steps there is really very little machine-detectable flags that could be seen as spam or illegitimate. The attack is manually set up and targeted specifically to the business. The attacker has done their homework!
How to avoid this type of scam
Education and vigilance. Here’s our top 4 tips:
- If the message content or subject seems a little weird, then dig a little deeper before actioning the request. Some weird things could be: unusual language that person wouldn’t use, a request for something unusual that they wouldn’t normally ask for, poor grammar
- If in doubt, don’t just rely on the Sender’s Name, always check the From address as well
- If in doubt, call the sender to confirm they actually sent the message. DO NOT reply to the email to confirm this 😛
- Tell your team! Link them to this post, educate them to be on the look out for this type of email
More info
There’s plenty of info online, Google even have a way to report gmail.com email accounts being used for scams. In reporting, Google will improve their systems to combat future attacks AND can also notify other affected users worldwide if they too have received a message from that gmail.com account…so if you report the scam, that’s your good deed for the day 😉 – https://support.google.com/mail/answer/8253?hl=en
Check out this infographic too – https://smallbiztrends.com/2017/08/identify-a-phishing-attack.html
We have also partnered with Mail Assure (mailassure.itac.technology) to provide enhance spam filtering services that seamlessly layer on top of your existing email server. As always, if you’d like to know more or if you have any questions, do get in contact with the itac.technology team today 🙂