SynchroNews is a service from SynchroNet that aims to keep our clients up-to-date with dispatches from the front lines of information security. One of our most popular SynchroNews series is related to phishing, a cyber security threat that targets business email accounts, and which is estimated to cause millions of dollars in weekly losses around the world.
To a great extent, phishing can be prevented with email management services such as ManageMySpam by SynchroNet. There is a major difference between legitimate promotional email correspondence and phishing; the former has a commercial purpose while the latter is simply malicious. Should a phishing email manage to escape the spam filters and land in your inbox, here are the most obvious red flags to look for:
* The sender's address does not match the organization he or she purportedly represents. In some cases, the email domain name may have a typo or intentional misspelling as a means of obfuscation.
* The sender is not a trusted party. This red flag is more alarming when the intent of the message is to update a password, activate a gift card, or do some sort of online account management.
* Subdomains and unusual extension on the sender's domain are definitely red flags, but they may also extend to links mentioned or embedded in the body of the email message. Quite a few phishing gangs operate .ru domains because they have previously hacked Russian servers, but they will not bother with security certificates, so their URLs lack "https" prefixes.
* A major giveaway of phishing emails is related to the message they attempt to convey. The most sophisticated hacker groups will either recruit or partner with individuals who can author emails using perfect business English, but the majority will try to wing it instead, and this is how you can catch them. In many cases, phishing attempts are copied and pasted from Google Translate.
* Few hackers are good at digital marketing, and many will give themselves away when writing a call-to-action message. If the sales pitch does not make sense at all despite using good grammar, chances are that you are being targeted for phishing.