This week the Attack Library mini-series will focus on phishing e-mails, a social engineering attack that many people encounter on a day-to-day basis. This post will detail what common phishing e-mails contain and how to deal with this form of attack.
Phishing attacks are used to obtain information such as usernames, passwords, credit card details and more by impersonating a trustworthy party such as a bank, shopping site or online payment processor. Phishing e-mails are typically sent to large numbers of people in an attempt to maximise the quantity of harvested data.
Many phishing campaigns are intentionally crafted to mimic a website and entice you into clicking on a link that you believe to be legitimate. The Social Engineering Toolkit, a widely available toolset, allows an attacker to download and host a copy of a website that collects the information victims enter into it. When checking whether an e-mail is legitimate, look out for the following signs:
- Check for grammatical errors; phishing e-mails are usually sent by people whose first language is not English.
- Many phishing e-mails address you in a strange manner. For example, some start with “Dear customer” or “Hello”, while a legitimate sender will use your name.
- E-mail spoofing is the forgery of an e-mail header so that the message appears to have come from somewhere else. Check the whole e-mail address, not just the display name, to ensure it comes from a legitimate source (for example firstname.lastname@example.org).
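As an added example (not part of the original post), the following Python script applies the signs above to a constructed sample message: it compares the full sender address with the domain you expect, flags a Reply-To that differs from the From address, looks for a generic greeting, and reports links whose visible text names a different domain from the real link target. The bank name, addresses and hosts in the sample are placeholders, not real indicators.

```python
"""Header and body triage for a suspected phishing e-mail (added example)."""
import email
import re
from email import policy
from urllib.parse import urlparse

GENERIC_GREETINGS = ("dear customer", "dear user", "dear valued customer", "hello,")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)

# Constructed sample: a spoofed "bank" alert. All names, addresses and hosts are placeholders.
SAMPLE_RAW = """\
From: "Example Bank Security" <alerts@example-bank-secure.net>
Reply-To: verify@mail-example.org
Subject: Urgent: verify your account
Content-Type: text/html; charset=utf-8

<html><body><p>Dear customer,</p>
<p>Please <a href="http://198.51.100.7/login">log in at https://www.example-bank.com</a> today.</p>
</body></html>
"""

def triage(raw: str, trusted_domain: str) -> list[tuple[str, str]]:
    """Return (code, detail) findings for the signs discussed in the post."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender = msg["From"].addresses[0]          # the whole address, not just the display name
    if sender.domain.lower() != trusted_domain.lower():
        findings.append(("sender-domain", f"From is {sender.addr_spec}, not @{trusted_domain}"))
    reply_to = msg["Reply-To"]                 # replies silently routed to a different domain
    if reply_to and reply_to.addresses[0].domain.lower() != sender.domain.lower():
        findings.append(("reply-to", f"replies go to {reply_to.addresses[0].addr_spec}"))
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    text = re.sub(r"<[^>]+>", " ", html).lower()   # strip tags before checking the greeting
    for greeting in GENERIC_GREETINGS:
        if greeting in text:
            findings.append(("generic-greeting", f"opens with '{greeting}'"))
            break
    for href, visible in LINK_RE.findall(html):    # visible domain vs. real link target
        target = (urlparse(href).hostname or "").lower()
        shown = DOMAIN_RE.search(visible)
        if shown and shown.group(1).lower() != target:
            findings.append(("link-mismatch", f"text says {shown.group(1)} but links to {target}"))
    return findings

if __name__ == "__main__":
    for code, detail in triage(SAMPLE_RAW, "example-bank.com"):
        print(f"[{code}] {detail}")
```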
If you receive a phishing e-mail, do not click on any links or enter any sensitive information. If you are unsure whether an e-mail is from a legitimate source, contact the company directly or visit the legitimate website yourself to be certain. For example, if you receive a Barclays e-mail which you think may be phishing, navigate to the Barclays website yourself rather than following the link in the message.