Hamilton Information Security Manager, Robert Leonard, shares helpful tips on recognizing common phishing e-mail threats.
With many teams now doing more remote work than they did in the past, there has also been an increase in everyday email traffic and in potentially hazardous messages hitting inboxes, specifically phishing attacks.
Not long ago, phishing was primarily aimed at the consumer market, and malware was considered the biggest threat to PSAPs. Today, phishing is the top social attack on businesses, responsible for the majority of security breaches. Phishing is becoming more sophisticated, and although there are dozens of techniques phishers may use to trick PSAP teams, there are a handful of methods they rely on most.
Here are five things you need to know about phishing:
- What is Phishing?
Phishing is a type of fraud in which a hacker attempts to gather personal information or credentials by impersonating a legitimate brand or vendor and sending users to a malicious website. A common example of this is the “Office 365 phishing attack”:
A team member receives an email that appears to come from Microsoft asking the user to log in to their Office 365 account (examples below). When the user clicks on the link in the email, it takes them to a fake Office 365 login page, where their credentials are “harvested” (captured by the attacker for later use).
[Image: Real Office Page]
- Email Addresses Can Be Spoofed
Simply reviewing the supposed sender address is not sufficient to trust an email. Cybercriminals have many methods to disguise these messages. They understand how to trick users into thinking a sender is legitimate when the email is, in fact, coming from a malicious source.
With display name spoofing, the phisher uses a legitimate company name as the email sender, but the email underneath is a random address. Display name spoofing is most effective when a user views the email on a mobile device, because the sender’s email address underneath is hidden. Phishers are counting on the fact that most mobile users will not expand the sender’s name to view the email address.
- Subject Lines & Emails May Include Enticing or Threatening Language
Hackers may promise “free iPhones to the first 100 respondents” or threaten that “your credit card will be suspended without immediate action.” Evoking a sense of panic, urgency, or curiosity is a tactic commonly used in phishing scams. Recipients of these emails may feel they need to respond quickly to emails that indicate potential financial loss or that could result in personal or financial gain.
Emails that have an aggressive tone or claim that immediate action must be taken to avoid repercussions should be considered a potential scam. This technique is often used to scare people into giving up confidential information. Two examples of this are phishing emails telling users their critical accounts are locked or that an invoice must be paid to avoid services being suspended.
In some spear phishing attacks, personalized emails from purported colleagues are designed to evoke fear of consequences at work. A classic example of this is an urgent email from a manager requesting gift cards or a wire transfer. Receiving such a request from a top executive creates pressure for the team member and makes them more likely to respond quickly—without pausing to examine the validity of the message.
- Attacks Are Becoming More Personal with Deceptive Links
Phishing attacks of the past were often sent in bulk to a large group of users at once, resulting in impersonal greetings. The emails would often address a user with a generic term like “customer,” “employee,” or “patient.” Everyone should be cautious of messages using these generic terms. More and more phishing attempts are now personalized with first names. It is important to understand that a personalized email is not a sure sign of a legitimate one.
Additionally, PSAP team members need to read their emails closely and pay special attention to the links included. Make sure to hover over every link before clicking it to confirm that the destination shown in the pop-up is legitimate. If the link text displayed in the email and the link you see while hovering do not match, it is likely a phishing attack.
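Both of the red flags above, a brand name in the display name over an unrelated sender address and link text that names a different host than the real target, can be checked mechanically before a message reaches a team member. The following is an added example, not code from the Hamilton article; it assumes a small brand-to-domain table (`BRAND_DOMAINS`) and runs over a constructed sample message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not a real phishing message): a brand in the display name over
# an unrelated address, and link text showing a Microsoft host while the href differs.
SAMPLE_EMAIL = """\
From: "Microsoft Office 365" <alerts@mail-notify.example>
Subject: Action required: your mailbox will be suspended
Content-Type: text/html

<p>Sign in to keep your account active:</p>
<a href="https://login.mail-notify.example/office">https://login.microsoftonline.com/</a>
<a href="https://support.example">Contact support</a>
"""

# Assumed brand-to-domain table for this example; extend it for your own vendors.
BRAND_DOMAINS = {"microsoft": ("microsoft.com", "microsoftonline.com")}
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def same_org(host, domain):
    # True when host is the domain itself or a subdomain of it.
    return host == domain or host.endswith("." + domain)


def display_name_spoof(from_header):
    """Brand named in the display name, but the address is not on that brand's domains."""
    name, addr = parseaddr(from_header)
    host = addr.rsplit("@", 1)[-1].lower()
    return any(brand in name.lower() and not any(same_org(host, d) for d in doms)
               for brand, doms in BRAND_DOMAINS.items())


def deceptive_links(html):
    """Links whose visible text names a host that differs from the real href host."""
    found = []
    for href, text in ANCHOR_RE.findall(html):
        text = re.sub(r"<[^>]+>", "", text).strip()          # drop inner tags
        shown = urlparse(text if "://" in text else "//" + text).hostname
        real = urlparse(href).hostname or ""
        if shown and "." in shown and not same_org(real, shown):
            found.append((text, href))
    return found


def analyze(raw):
    """Run both checks over a raw RFC 822 message and report the findings."""
    msg = message_from_string(raw)
    return {"display_name_spoof": display_name_spoof(msg["From"]),
            "deceptive_links": deceptive_links(msg.get_payload())}
```

Running `analyze(SAMPLE_EMAIL)` flags both the spoofed display name and the mismatched sign-in link, while the plain "Contact support" link is left alone because its text does not claim a host.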
- A Member of our PSAP Received a Phishing Email—Now What?
Dealing with the repercussions of a phishing attack is both time consuming and costly. One less-cautious click has the potential to compromise an entire network. Team effort and communication are the best way to keep a PSAP protected. If faced with a phishing email, team members should contact their IT support immediately so that quick and appropriate action can be taken to protect your PSAP’s network. Note that simply deleting the offending email does not solve the problem.
Wherever our desks are now, remaining vigilant when it comes to e-mail is vital. We are happy to share more information with you about best practices for operational policies and maintaining business in times of transition and troubleshooting.
With over 120 years of experience managing reliable networks and over 50 years of providing services to 9-1-1, Hamilton has the expertise and certified technician support to prepare your PSAP for the future. Our team of technical experts are committed to equipping your PSAP with the knowledge and infrastructure necessary to protect it for modern day operations.
Discover More about Hamilton NG911 Cybersecurity Solutions