Strategic Group Blog - Learn about IT stuff. Be Awesome.

Would you be fooled by these phishing emails?

Written by Emily Gam | 07-Aug-2017 03:26:16

Email phishing is still the number one infection vector and is an effective tool used by cybercriminals as they can craft and distribute enticing material to both random and targeted victims.

Phishing emails use a technique called Social Engineering which tries to manipulate, influence or deceive you into opening and clicking the email.  The most common form of social engineering is a scam email copying the ‘look and feel’ of a well-known organisation that you would be expecting to hear from, like the ATO or a utilities company such as Origin. Once you click on the link you are usually taken to a fake site where you are asked to enter personal details or your login information, or malware is installed on your computer.

Security company KnowB4 measured the amount of clicks on phishing emails with over 22,000 people falling for the social engineering tricks. Of those 22,000 who clicked on a phishing email, here are the top ten phishing email general subject lines:

  1. Security Alert - 21%
  2. Revised Vacation & Sick Time Policy - 14%
  3. UPS Label Delivery - 10%
  4. BREAKING: United Airlines Passenger Dies - 10%
  5. A Delivery Attempt was made - 10%
  6. All Employees: Update your Healthcare Info - 9%
  7. Change of Password Required Immediately - 8%
  8. Password Check Required Immediately - 7%
  9. Unusual sign-in activity - 6%
  10. Urgent Action Required - 6%

Several recent phishing campaigns targeting Australians have featured precise replicas of the imitated organisation’s brand design and competent use of English, where the typical phishing email might historically have been easier to identify thanks to spelling errors, poor grammar and inconsistent design.

If you suspect that an email you received is a phishing scam but you aren’t sure, contact the organisation. Make sure you independently search for their contact info, and don’t use the details provided in the email.

You should ensure your staff are trained and know how to spot a phishing email. Consider conducting phishing tests on your staff and holding regular training.