Training employees on phishing attacks.

Breaking Down a Phishing Attack

Dearest Reader,

You’ve caught me at a very critical moment. It is in both of our best wishes for me to extend a lucrative business opportunity forward to you. My name is Prince Obviouso Phishingscamman. My father, King Blantanto Phishingscamman has tucked away his massive fortune of over $15 million. Unfortunately, the wicked Fakemenistan regime has locked him away for good, with bail set at $3 million.

However, with your help, I can exploit a loophole where I can send money overseas to you. I received your email address from a very reliable source so I know you can be trusted. Once my father is free from his prison, I will send the remaining $12 million to your bank account as a show of good faith. All I require is for you to open an bank account within our borders. It will require a small fee of $500 and some information of yours.

Please make the haste. I am looking forward to working with you in the near future.

The most regards,

Prince Obviouso Phishingscamman

What Just Happened?

If you’ve been around for more than 20 years, you’ll probably recognize the format of the “email” above as the classic Nigerian prince email scam. While it seems far-fetched, many people fall for this kind of email all the time. It’s known as a phishing email, aptly named because it tries to “phish” for information by getting you to spill the beans willingly. In fact, 91% of cyberattacks and resulting data breaches begin with a phishing email.

Let’s take a look at some of the signs that shouted “phishing scam” in the email above.

1st Sign: Your Email

“I received your email address from a very reliable source so I know you can be trusted.”

The chance of someone stumbling across your email is low. The chance of them getting your email from a faraway foreign land where you have no ties? Even lower. These cybercriminals typically use sophisticated tools to harvest email addresses from the internet. They also purchase lists that contain many thousands of email addresses. Once they’re ready with the email, they send it out to everyone they can.

2nd Sign: The Spelling

“All I require is for you to open an bank account.”

It’s not a rule set in stone, but emails from phishers often come filled with typos. The sentence structure is sometimes fragmented, and they don’t always get their point across clearly. This particular email wasn’t really poorly written (aside from the occasional and purposeful spelling mistake here and there), but some phishing scams can be absolutely flawless.

3rd Sign: The Catch

“It will require a small fee of $500 and some information of yours.”

As with any scam, there’s a catch. Phishing emails will always require more information from you. In this case, the scammer asked for money and information, which happens often. Sometimes, the criminal is more patient; they don’t ask for anything on the first email or so, but if you respond to them and keep the conversation going… things begin to get dicey. They build a huge backstory, complete with numbers that you can call and businesses that you can look up.

In other words, the longer the communication goes on, the harder it is to break away from it.

Defending Against Phishing Scams through Employee Training

So what is the best way to defend against these emails? Time and time again, studies have shown that employee training is the way to go. When employees know what to look out for, they can identify and flag the phishing attempts without putting your company at risk of a breach.

You should train your employees by showing them real examples of phishing attacks. Some companies go as far as to employ people to run a “friendly” phishing attack on their business to see who falls for it.

If you’d like to learn more about how we can help increase your employees’ security awareness, reach out to us today. Our comprehensive network security plans will ensure that both your company and your employees alike stay protected against any cyberattack that comes your way.