Phishing is one of the most common types of email threats businesses face today. If successful, these attacks can lead to financial fraud, data breaches or serious disruption to business activities. Therefore, it’s vital firms have the right tools in place to block these attacks.
However, cyber criminals are always looking to adapt their strategies to evade detection, and many of today’s sophisticated attacks are able to bypass traditional protections. There are a wide range of phishing attacks that are able to penetrate gateway defences and make their way to user inboxes. As a result, you need tools that can look beyond the perimeter.
Here are 3 real-world examples we’ve come across when running an Altinet Sentinel scan for one of our customers. All these were identified within users’ inboxes, indicating they were able to escape the attention of email gateways and get in front of employees’ eyes.
1. Employee impersonation
Emails from hackers pretending to be employees have become more popular since the rise of home working. Often, these appear to be from high-level executives demanding information from junior staff, who may be too nervous to question it. But this is not the only type of fakery that can trip businesses up.
For example, we found an email sent to the HR department, apparently from an employee informing them he had switched banks and needed to update his payroll info. If this had been accepted without question, this could easily result in fraud if salaries are sent to the wrong account.
2. Fake file-sharing links
The growth of cloud-based file-sharing platforms is another avenue criminals have been keen to exploit. If workers are receiving many email notifications every day alerting them to new files being shared, it can be easy for criminals to slip fake messages into this.
We identified one such email that appeared to be a notification from OneDrive. Had the user followed the link contained within, they could have exposed the firm to malware or had login credentials stolen. Fortunately, the Sentinel technology was able to recognise that neither the sender’s email address nor the URL contained within matched those usually used by Microsoft.
3. Blackmail attempts
Extortion attempts have proven another profitable way for cyber criminals to make money. But while tools like ransomware make the headlines, efforts to blackmail individual users via email are also on the rise.
In this case, the technology flagged an email where the subject line contained the user’s password – certainly an attention-grabbing tactic. It then threatened to expose private files and videos the blackmailer had obtained unless a cryptocurrency payment was made.
Often, these attempts don’t actually have access to any compromising material, but by using real info such as a password – usually obtained from other data breaches – they aim to scare people into paying up. In this instance, however, both the threatening language and the cryptocurrency request raised red flags for the Sentinel system.
Creating a Cyber Security Plan
All these phishing attempts were identified by the Sentinel tools, however, which highlights the value of having defences that look beyond the email gateway.
With solutions that use the latest AI technologies to analyse messages within inboxes, looking for suspicious activity, you can be sure your employees are better protected and can block threats before they become a problem.
To find out more about how this technology can help your business, get in touch with Arrow today.
Download the essential Guide to Email Security
To prevent you from being a victim, it’s vital to boost your security – and this must start with protecting your inboxes from phishing attacks.
We have released an Essential Guide to Email Security where you can learn how to defend your firm from email threats.