Phishing and Email
Phishing is a highly pervasive threat where attackers make contact by email, phone, or text, impersonating a legitimate source to lure individuals into revealing sensitive information such as personally identifiable information (PII), banking or credit card details, and passwords.
Look for Early Indicators.
-
Suspicious sender - Check for unknown or suspicious senders.
-
Unexpected or urgent requests - Be wary of requests for personal information or login credentials that are urgent or unexpected.
-
Poor grammar and spelling - Look for poor grammar and spelling errors in the email.
-
Suspicious links or attachments - Be cautious of links or attachments that seem unusual or unexpected.
Using some personal information, threat actors can immediately perpetrate other types of attacks such as Email Compromise, where the attacker gains access to (and potentially control over) a targeted email account. Once in control of the account, the attacker may have access to additional data with new compromise opportunities, or the account itself can be leveraged to perform further attacks against other individuals, or institutions.
Small and medium sized businesses operating without significant cash reserves could find their primary bank accounts emptied without warning all as a result of one employee’s email account being successfully compromised.