When it comes to phishing, adversaries put a lot of effort into making their attacks look legitimate, while putting pressure on their victims to take action.
The term “phishing” can be traced as far back as 1987. Since then, the risk of falling victim to a phishing attack has increased incrementally due to the world-changing adoption of internet users and the constant pool of personal information available through social media.
What is a Phishing attack?
Phishing attacks are an email-based form of social engineering. Disguised as legitimate communication, the fraudulent email tricks the recipient into responding by enticing them to click a link, open an attachment, or directly provide sensitive information.
Phishing attacks have become one of the most common methods of cybercrime because they are effective due to their ability to bypass detection methods and offer low risk as there is little chance of capture or retribution. Email is simple to deploy, making it easy to send large quantities of messages in a single attempt. Adding to the ease of deployment is the availability of low-cost phishing kits that include website development software, coding, spamming software, and content that can be utilized to create convincing websites and emails.
Adversarial techniques may have varying levels of sophistication:
- Low: These emails are untargeted and deployed in bulk, casting a wide net to successfully victimize at least one recipient. These emails contain several “tells” that indicate an attack, such as improper grammar or plain text, or they are sent from an unknown or improbable source.
- Moderate: More believable, these emails contain real branding from real websites. They have legitimate formatting and proper grammar but remain impersonal.
- Complex: These types of phishing attacks are the most difficult to identify. They are realistic and highly personal, coming from known or trusted sources. The attackers utilize specific, known details about the recipient gathered from internal and public sources to trick the recipient into taking the desired action.
Malicious elements required to execute an attack and comprise the user or network within the email message include:
- Click only: This is a one-step process in which the email urges the recipient to click an embedded link (e.g., SharePoint link).
- Data entry: The email includes a link to a customized landing page that requires the user to enter sensitive information.
- Attachment-based: The email contains a seemingly legitimate attachment that could be in varying formats (Word, Excel, PDF, etc.).
- Double barrel: This utilizes two emails. One is benign and doesn’t contain anything malicious nor does it require a response; the second is a follow-up that contains the malicious element in either of the above forms.
The combination of content, context and emotional motivators is often what drives the success of a phishing attack. Should the phishing attack have the appropriate complexity, and the employee or recipient takes the desired action, the attacker would then have gained access to their personal information and/or the ability to penetrate the network and access crucial information.
What are common indicators of phishing?
- Suspicious sender’s address. The sender's address may imitate a legitimate business. Cybercriminals often use an email address that closely resembles one from a reputable company by altering or omitting a few characters (look closely).
- Generic greetings and signature. Both a generic greeting—such as “Dear Valued Customer” or “Sir/Ma’am”—and a lack of contact information in the signature block are strong indicators of a phishing email. A trusted organization will normally address you by name and provide their contact information.
- Spoofed hyperlinks and websites. If you hover your cursor over any links in the body of the email, and the links do not match the text that appears when hovering over them, the link may be spoofed. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). Additionally, cybercriminals may use a URL shortening service to hide the true destination of the link.
- Spelling and layout. Poor grammar and sentence structure, misspellings, and inconsistent formatting are other indicators of a possible phishing attempt.
- Suspicious attachments. An unsolicited email requesting a user download and open an attachment is a common delivery mechanism for malware. A cybercriminal may use a false sense of urgency or importance to help persuade a user to download or open an attachment without examining it first.
Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as:
- Epidemics and health scares (e.g., H1N1, COVID-19)
- Economic concerns (e.g., IRS scams, Stimulus scams)
- Holidays (e.g., gift cards)
A comprehensive cybersecurity awareness training program is used to educate the students, retirees, and employees on what to look for in a phishing email and to report suspicious emails to firstname.lastname@example.org.
If you believe that your personal information has been compromised or stolen, contact Public Safety and the HUB (information below). If sensitive/confidential institutional information has been compromised or released report the incident to USG Cybersecurity through the Enterprise Service Desk email@example.com at (706) 583-2001, or (888) 875-3697 (Toll free within Georgia) and the HUB at (678) 466-4357 or firstname.lastname@example.org.
Before submitting your email address or other personal information online, you need to be sure that the privacy of that information will be protected. To protect your identity and prevent an attacker from easily accessing additional information about you, be cautious about providing your birth date, Social Security number, or other personal information online. Visit CISA’s security tip on how to Protect Your Privacy when submitting personal information on websites.
Alerts & Resources