
We're exposed to potential threats via email every day - here's how to spot malicious messages

The most sinister of cyber-attacks are often simply delivered, writes Richard Lambe.

TECHNOLOGY IS EVERYWHERE, covering our use of wireless networks, smart devices, computers, how we shop, and much more.

We are always online, checking our mobile phones on average every 12 minutes, getting updates on social media, our work emails, and news from around the world.

As our dependence on technology grows so too does our reliance on cybersecurity.

Cybersecurity in its simplest form is the protection of IT systems and data from cyberthreats.

For a company it could be protection against the unauthorised access or sabotage of computer systems, hardware, software or data. For individuals, cybersecurity could mean protection against identity theft, device viruses or even possible financial loss.

The most sinister of cyber-attacks are often simply delivered through malicious emails, calls or even text messages.

Many of us are unaware of the risks involved and receive little training on the topic, apart from the training programmes run in proactive organisations, schools or colleges.

High-profile data breaches continue to make the headlines but closer to home, on our computers or on our smart devices, we are exposed to potential threats through our emails – where attackers can easily take advantage of us.

What is phishing?

As email is the top cyber-attack method, it is vital you can identify these threats and manage them accordingly. Phishing is when an attacker attempts to persuade someone to interact with an unsafe email.

They coerce an unsuspecting recipient to click on a malicious link or unwittingly part with valuable information. A phishing email can often have an attachment that contains malware which, once clicked, can infect your device.

Examples of malicious emails include impersonation of financial institutions, file hosting services, utility companies, entertainment websites, cryptocurrency exchanges and technology companies.

Attackers will also use current world events to tailor their emails – for instance, an email enticing you to click on a link that offers you a free or cheap ticket to a large sporting event such as the World Cup or Ryder Cup.

Phishing is becoming more advanced through the practice of social engineering and the types of emails flooding our inboxes are becoming more sophisticated and difficult to spot.

Attackers are increasingly adjusting their techniques and methods of attack and identifying malicious emails is becoming more difficult.

For that reason alone, to avoid attack, it is imperative that you are aware of the basic tell-tale signs.

Tips to help you spot a malicious email:

What’s in the subject line? Attackers typically try to invoke a sense of urgency in the subject field to trick the recipient into opening the email on impulse. If it doesn’t look right, don’t open it!

Who is it from? Attackers often impersonate a brand name or website that you may be familiar with. Look closely to spot irregularities like incorrect spelling of a name, wrong logo or fake imagery.

Are there spelling mistakes? If it doesn’t read right, don’t interact with it. Poor spelling and grammar are a telling sign that an email may be coming from an untrusted source.

Is there an attachment? Attackers will often include a malicious file as an attachment to a phishing email. Do NOT open it before you verify that the sender and the email content are legitimate, and from a reliable source.

Is there a link? Attackers may use URL hyperlinks in the body of an email enticing you to click. Typically, if you hover over the link with your mouse cursor, it will reveal the real destination.

Where did they get your information from? We are currently experiencing a peak in social engineering. This is where an attacker relies on human interaction to gain access to information or systems for their own gain, be it financial or other. It can be done by gaining information about you through social media platforms, by phone or from your online activity. This is normally carried out over a period of time to build up trust. Be vigilant online and don’t share personal information!

Knowledge is power and the more we know the better we can be equipped in protecting ourselves against cybercrime.

By adhering to the above tips, you will be better prepared to spot the tell-tale signs, making you less likely to fall for a phishing email.

Richard Lambe is Senior Security Awareness Consultant at the Cybersecurity and Information Resilience centre of excellence at BSI.
