May 14, 2019
The Careful Art of Phishing Emails
May 14, 2019
While phishing has been around for a long time it still is something that each and every one of us experience in some way. To further this, its not going away either, only increasing as tools and skills get more and more advanced. To start I will share common tactics used in phishing emails, and then share ways to spot them.
If you’ve ever received a phishing email, chances are the scammer made it seem like it was time sensitive. “You have only 24 hours to claim your prize”, “Act fast and claim your offer”, and the list goes on. This is urgency! By making the appearance that you have limited time, the chances of you rationally thinking the email out is reduced. They are looking for you to make snap decisions uniformed.
This tactic is more subtle and sinister. The attacker/scammer will pretend to be someone close to you in order to scam you, such as “Hello from a friend, I am in need of desperate help due to medical conditions and need money sent” or “Hi I am a relative from far away, could you please fill out this document for me?” and general scams like that. These scams prey on the people who want to help out family and friends anyway they can. These scammers are hoping you don’t try to verify that you know them and blindly help.
Most people tend to listen to authority figures, so when an email pops up from someone impersonating your boss, you just listen. They might tell you to download and fill out this file or go to this website and do whatever. A sample could be “Hello, attached is a document that I need you to fill out, thank you, sincerely “your bosses name” “.
Peer pressure is a very real tactic used in phishing emails. Although I would say it is not as common as other tactics used, it is still important to address. When this happens, the attacker will make it seem like everyone else has done it or liked it. An example is “Hello, thousands of people are now playing my game, attached is a copy for you”. By making it seem like more people have went along with it, it increases the odds of a person trusting it.
This tactic is pretty self-explanatory, but none-the-less its worth a look. The attacker in this scam will try to intimidate you into doing something. Such as this example “I have compromising information on you. You must send me bitcoin or else I will leak it” This type is common enough nowadays.
This final tactic is when the attacker/scammer appears to have someone that is in limited quantity, using the game example again an example could be “Hi there, I have recently made a game and its currently in closed beta, only select people are allowed to play, please get back to me with the info in the file attached so I can register you to play”. By making it seem scarce, people think they’re being exclusively chosen and therefore more likely to respond.
A Perfect Storm
Scammer/Hacker/Attackers rarely ever use just one of these methods, instead they combine numerous methods and tactics together to create an ideal phishing email. Although at the same time more is not always better, its all about the victim targeted and what will most likely work. An example of using multiple could be “Hello [victims’ names], I need this form filled out by 4:00 today and not a minute later. Everyone else in the office has already filled it out and I need yours. Without it, the company will suffer severe financial losses and action will have to be taken against you. So please hurry this up. Sincerely [boss or managers name]” As you can see numerous tactics were employed there, such as urgency, authority, consensus, and intimidation.
Ways to avoid it
First of all, know your sender. If they are acting in a suspicious way it should raise red flags. Also look for typographically or grammatical errors as these can be red flags as well. Be sure to know what you are expecting as well, if you didn’t enter a contest, chances are you didn’t win a cruise! If you sense something off about an email, check with the user in a message or talk with them face to face.
All in all, phishing is everywhere and is not going away. So, it’s best to learn how the scammers prey on people so you can be better informed and not fall victim to one of their scams. As always this is just an introduction to phishing emails. There’s always more information and I encourage everyone to do their own research on it to better educate themselves on the topic.
Thank you for taking the time to read and making the internet a safer place