Don’t bite on these 3 top email phishing lures
Ingram Micro, wholesaler of IT products and services, headquartered in Irvine, California, recently published an article about biting on email phishing lures. That very cleverly put reality explains on a fish platter why Ransomware is doing a billion dollar business. In spite of the complex technological warfare against the cyber security crime, the simple fact is that people still bite.
Losses to phishing campaigns in 2016 amounted to $1 billion globally for all ransomware. Yes, you need a firewall, a robust backup solution and strong antivirus software. However, you simply cannot get away from the fact that the troupes in the trenches may circumvent all your best technological efforts by irresponsibly clicking on a phishing lure that looks innocent enough, but hooks them good.
Here are the top three lures, designed to attract the unsuspecting.
Please see your invoice attached.
This has been called a “money out” lure. Bright and colorful, the lure is by far the most popular lure used in phishing campaigns, accounting for almost half of all observed campaigns. The lure is based on the expectation that a payment stands ready if you just click on the attachment or link.
“Your order” email lure distributing Locky ransomware
Click here to open your scanned document.
Electronic fax and scanned document notifications are the second-most common category of email lure. It’s not hard to understand why. There is a lurking need to know who’s faxing, or whether my scanned document came through. Besides, faxes are an old, old friend, right? One of the first technologies mastered. You can’t send a virus by fax! Unless they are digital.
Fax notification lure distributing CryptoWall ransomware
Your package has shipped—your shipping receipt is attached
Online shipping is so convenient it has quickly caught on and become widespread. The perfect bait for a phishing lure. A fake shipping notification or delivery notification is a favorite for phishing attacks. The attacker may dress up the notice with stolen branding from your favorite shipping vendor to make it look more convincing. Then again, they may pretend to be the vendor sending to give you an update on your package arrival. Don’t bite!
Shipping notification lure distributing Vawtrak banking Trojan
Proofpoint provides a system that “Look beyond the Network,” because “Cyber attacks target people.” Proofpoint Essentials is “a dedicated email security solution that protects your business “from email threats including phishing, malware, spam, and other forms of objectionable or dangerous content.” Alliant is currently using and recommending the Proofpoint solution.
Because of the lure to the user, Proofpoint provides the following tips:
- Invest in a mail gateway solution capable of detecting and preventing advanced attacks and those that do not involve malware. Keep the threats out of the network as much as possible.
- Never allow email with attached executable code to be delivered. Simple rules that block email with attached files ending with .exe or .js help prevent obvious malicious exploits from entering your business network environment.
- Use a security solution that connects threat activity across many entryways. Such correlation gives insight into the source of the attack for better resolution, future blocking of like attacks, and facility to detect those that do get through.
If you are ready to shut down the phishing attacks that get through internally and beef up the external network protection, give us a call. Alliant will help with the process to ensure the best protection possible from Ransomware – 90% delivered by phishing attacks.