Is it just Spam, or Something Worse?
Learn how to check your emails for malware or phishing attempts with the experts at cloaked…
We’ve talked about data breaches, and how to fortify your passwords, but there’s another topic that’s hitting pretty close to home — email attacks.
Ninety-six percent of malware attacks are delivered via email, which makes anyone that relies on email communication a potential target. Malware refers to malicious software like viruses, ransomware, spyware, and others. Phishing is the act of gaining access to personal information through fraudulent means. The two often go hand in hand, and both can occur through email.
While some malware and/or phishing emails are pretty obvious, scammers are getting better at disguising their correspondence as legitimate communications from common companies.
What types of attacks can be delivered through email?
There are several common ways that cyber criminals use email to target people:
- Phishing uses a variety of tactics to try and trick the target into sharing sensitive information. This can include everything from login credentials to your address and phone number.
- Whaling is a form of phishing that targets high profile individuals like actors, influencers, CEOs, etc.
- Pharming involves email links that appear to connect to legitimate sites, but end up redirecting to another site designed to steal information or expose the computer to malware.
- Adware installs a form of malware that results in those obnoxious pop ups trying to sell you something. Sometimes, adware can be intuitive, using your online activity to better target you with ads.
- Spyware is exactly what it sounds like. This malware tracks activity on your computer using keystroke monitors and methods of data collection.
- Ransomware is used to monitor online activity or infiltrate accounts with the intention of threatening to release sensitive information or lock users out of important accounts if certain demands aren’t met.
- Scareware is another type of malware that creates pop ups warning users to take a certain action to protect themselves from a fabricated threat. Often, taking this action provides an in for other types of malware.
How can these types of threats be delivered through email?
One of the most common ways criminals get malware from an email to your computer is through the use of phishing emails. They may masquerade as a person or company, and sometimes include a story or professional looking statement to gain your trust.
Once rapport is established, you may be asked to share sensitive information, download something, or access an attachment. This is where the malware is usually introduced.
Another common delivery method involves malicious attachments disguised as something legitimate. It may look like a personal email from a job recruiter, a free gift offer, or a delivery update. Once you click on that attachment, you become susceptible to malware.
Domain and email spoofing can also cause serious confusion. In these cases, cybercriminals make tiny changes to trusted domain or email addresses with the intent of fooling the recipient into sharing information or downloading something nefarious.
When in doubt — at all — don’t even open an email that you think is suspicious!
How to spot malicious emails (with pictures).
Below, you’ll see an email that appears to be an Easter promotion from Walmart. However, this is a fairly classic example of a malicious email. The subject line is poorly written, the email address doesn’t match previous emails from the real sender, the image is low resolution, there’s no unsubscribe option at the bottom (not pictured), and the obvious one… the email provider has flagged this message as suspicious:
Sometimes, the email will also look out of place in your email list. Note that the image below features an unopened malicious email that displays a strange font accompanied by an unusual subject line and sender representation:
Next, we have an example of a phishing email. This is absolutely classic, and sends from a free gmail account, promises immediate access to millions of dollars, and ONLY needs a list of some of your most sensitive info, including a passport copy! Some of these won’t be quite so obvious.
As a rule of thumb, if a stranger or someone using a free email account contacts you promising something that’s too good to be true, it probably is. Don’t share your personal information, and block the sender.
The next example is attempting to spoof the recipient by pretending to be from Samsung. Again, we see all of the signs in the subject line and content. However, this email may have also been attempting to fraudulently trick this person into sharing their login information for their Samsung account. This type of phishing can cause major problems for those who don’t catch the warning signs:
The following email is an attempt to extort funds from the recipient using fear tactics. While the layout and grammar are still questionable, this scammer has taken the time to model the messaging off of legal documents, created false case numbers, purchased a more professional email address, and even gained access to the last four numbers of the recipient’s social security number.
If you receive an email like this, never act on it without first verifying all of the information with your local legal system. Courts don’t ask for money over email, and they have more efficient ways of reaching you if a matter is important.
While many of these examples may seem easy to spot, there are some that have perfected the art of copying the style and language of credible brands. Any email demanding immediate action to any bank, streaming, or even online payment account should be viewed with skepticism and verified before you click any links or share any information.
Stay in touch!
Just follow us on Medium, send us some love on Facebook, and find us on Twitter under the username: @keepitcloaked
If you’d like to sign up to participate in a future beta testing cohort, we’d love to have you! Just click here to join our waitlist and let the fun begin — no joke, we really are fun!
