Almost half of ransomware attacks use phishing email with an infected attachment or a web link that opens a malicious program. Executing either will start encryption of the data and display instructions for how to pay the ransom. Phishing email therefore have a significant role in ransomware attack scenarios.
Cause of ransomware infection (Source: Statista, 2016)
What is phishing?
Phishing is a type of online fraud where cybercriminals send email that appears to be from a legitimate company asking the recipient to provide sensitive information.
How to recognize a phishing email
Always take a few seconds to observe an email before clicking on any link or attachment, or even replying to it.
Security awareness training provider KnowBe4 has very reliable instructions to help you identify phishing email. Let’s have a look!
Phishing email sample
Date: Monday December 12, 2016 3:00 pm
Subject: My money got stolen
Hi, I’m on vacation in London and my money and passport were stolen out of my bag. Could you wire me $3000 via Bank of America?
They gave me a special link so this goes right into my account and I can buy a ticket home:
Thanks so much. This really helps me out!
Observing the From field
- I don’t recognize the sender’s email address as someone I ordinarily communicate with.
- This email is from someone outside my organization and it’s not related to my job responsibilities.
- This email was sent from someone inside the organization or from a customer, vendor, or partner and is very unusual or out of character.
- Is the sender’s email address from a suspicious domain (like micorsoft-support.com)?
- I don’t know the sender personally and they were not vouched for by someone I trust.
- I don’t have a business relationship nor any past communications with the sender.
- This is an unexpected or unusual email with an embedded hyperlink or an attachment from someone I haven’t communicated with recently.
Observing the To field
- I was cc’d on an email sent to one or more people, but I don’t personally know the other people it was sent to.
- I received an email that was also sent to an unusual mix of people. For instance, it might be sent to a random group of people at my organization whose last names start with the same letter, or a whole list of unrelated addresses.
- I hover my mouse over a hyperlink that’s displayed in the email message, but the link-to address is for a different website (this is a big red flag!)
- I received an email that only has long hyperlinks with no further information, and the rest of the email is completely blank.
I received an email with a hyperlink that’s a misspelling of a known web site. For instance, www.bankofarnerica.com.
- Did I receive an email that I normally would get during regular business hours, but it was sent at an unusual time like 3 a.m.?
Observing the subject line
- Did I get an email with a subject line that is irrelevant or does not match the message content?
- Is the email message a reply to something I never sent or requested?
- The sender included an email attachment that I wasn’t expecting or that makes no sense in relation to the email message.
- This sender doesn’t ordinarily send me this type of attachment.
- I see an attachment with a possibly dangerous file type (the only file type that is always safe to click on is a .txt).
Checking the content
- Is the sender asking me to click on a link or open an attachment to avoid a negative consequence or to gain something of value?
- Is the email out of the ordinary, or does it have bad grammar or spelling errors?
- Is the sender asking me to click a link or open up an attachment that seems odd or illogical?
- Do I have an uncomfortable gut feeling about the sender’s request to open an attachment or click a link?
- Is the email asking me to look at a compromising or embarrassing picture of myself or someone I know?
How can I protect myself from phishing email?
Because many ransomware infections start with an email, you need to make sure your email system runs fine-tuned, anti-phishing policies. Most serious providers like Microsoft have anti-phishing features enabled on their email servers. But, as we’ve often seen, some emails have gone under the radar and reached the users’ mailboxes. This is why you need to educate your users about phishing email.
Need help protecting your business, your clients or both from cyberthreats? Check out our free Security Foundation Assessment for best-practice recommendations to improve your security posture.