Start with verifying your email.

Email has become the primary means of communication for many businesses. It comes with a myriad of advantages, from long-term persistence of the conversation to being accessible from almost anywhere on earth. It is also one of the oldest standardized network protocols still in use. That may explain why it is so widespread, but it also means that email was designed with far less security than we have since come to expect, and users tend to overestimate the legitimacy and integrity of an incoming message. That overestimation is why fraudulent or malicious emails are the starting point for a large share of cyber-attacks.

The standard that most email providers and clients follow provides no inherent validation of the user, the sending endpoint, or the address shown in the From line; whoever submits a message to a mail server chooses what goes there. This makes it possible to impersonate just about any sender with modest effort. Some providers have since layered on additional transmission protections and moderate validation assurances, chiefly TLS between mail servers and the SPF, DKIM and DMARC checks that let a receiving server confirm which domain a message was sent on behalf of and that it was not altered in transit. More often than not, though, these phishing mitigations only slow the rate at which malicious emails get through: they vouch for a domain, not for a person, so a message from a lookalike domain the attacker registered, or from a legitimate account the attacker has compromised, passes every check. In the rest of this article we discuss methods for spotting a fraudulent email, as well as additional systems you can layer over an email system to get more reliable validation.

The paragraph above may make it seem hopeless to detect a fraudulent email, but a few steps significantly reduce the chance of falling victim to a phishing attack. The primary phase is to consider your expectations and your environment. The secondary phase is to check the information contained in the email itself carefully. The final phase is cross-platform validation of the sender.

In the primary phase you can eliminate most potentially fraudulent emails by asking yourself a few questions: Why was this sent to me? Was I expecting it? Who else was it sent to? Does it contain external references, such as attachments or content that must be fetched from elsewhere before it can be viewed? If any of these questions leaves you without a satisfying answer, the email is most likely either sent by mistake or fraudulent and can be discarded. At the very least, treat it as untrusted: open no attachment and follow no link until the later phases clear it.

In the secondary phase you scrutinize the contents of the email. Compare the writing style, spelling, and overall formatting with earlier messages from the same person, and check the sender's address rather than the display name: the name in the From line is free text chosen by the sender, so look at the address behind it, the domain that address belongs to (watch for lookalikes such as a digit 0 in place of the letter o, or rn in place of m), and whether a Reply-To header would route your answer somewhere else. If at this point the email appears to come from the wrong sender, it is safe to discard.

In the final phase you decide how to handle the email based on the seriousness of the information it contains. If it is part of an ongoing conversation about something mundane, its contents are probably safe to trust. If the contents require physical interaction with sensitive information or involve operations regarding network security, we advise some form of cross-platform validation: confirm with the sender, over a channel other than email, that they actually sent the message. That can be as simple as a text message or a phone call, or a message on Facebook, an instant messenger, VoIP or an IRC-style service, using contact details you already have rather than any supplied in the email itself.
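The secondary-phase checks above, plus the SPF/DKIM/DMARC results mentioned earlier, are mechanical enough to script. The following is an added example written for this article, not code from it: a small Go program that parses a raw message with the standard library's net/mail package and lists every header-level reason to doubt the sender. The message, the domains corp.example, c0rp.example and mailer.example, and the trusted-domain list are all constructed for the example.

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
)

// Finding is one reason to distrust a message.
type Finding string

// domainOf returns the lower-cased part of addr after the last '@', or "".
func domainOf(addr string) string {
	if i := strings.LastIndex(addr, "@"); i >= 0 {
		return strings.ToLower(addr[i+1:])
	}
	return ""
}

// foldLookalikes maps common visual substitutions (rn->m, vv->w, 0->o, 1->l) to
// their plain form so "c0rp.example" compares equal to "corp.example". It is a
// heuristic ("corn.example" folds to "com.example" too): a hit is something to
// look at, not a verdict.
func foldLookalikes(d string) string {
	return strings.NewReplacer("rn", "m", "vv", "w", "0", "o", "1", "l").Replace(strings.ToLower(d))
}

// parseAuthResults reduces an Authentication-Results header such as
// "mx.example; spf=pass smtp.mailfrom=a.example; dkim=fail header.d=a.example"
// to {"spf": "pass", "dkim": "fail"}. The text before the first ';' names the
// server that ran the checks and is skipped.
func parseAuthResults(h string) map[string]string {
	out := map[string]string{}
	parts := strings.Split(h, ";")
	for _, p := range parts[1:] {
		if f := strings.Fields(p); len(f) > 0 {
			if kv := strings.SplitN(f[0], "=", 2); len(kv) == 2 {
				out[strings.ToLower(kv[0])] = strings.ToLower(kv[1])
			}
		}
	}
	return out
}

// Inspect parses a raw RFC 5322 message and returns every header-level reason
// to doubt that it comes from whom it claims. trusted lists your own and your
// partners' domains; a sender that merely resembles one is flagged, an exact
// match is not.
func Inspect(raw string, trusted []string) ([]Finding, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	from, err := mail.ParseAddress(msg.Header.Get("From"))
	if err != nil {
		return nil, fmt.Errorf("unparseable From header: %w", err)
	}
	fromDomain := domainOf(from.Address)
	var fs []Finding
	add := func(format string, a ...interface{}) { fs = append(fs, Finding(fmt.Sprintf(format, a...))) }

	// The display name is free text; one shaped like an address at another domain is a classic trick.
	if d := domainOf(from.Name); d != "" && d != fromDomain {
		add("display name %q claims %s but the address is %s", from.Name, d, from.Address)
	}
	// Replies quietly routed somewhere else (ParseAddress fails on an absent header, which is fine).
	if a, err := mail.ParseAddress(msg.Header.Get("Reply-To")); err == nil && domainOf(a.Address) != fromDomain {
		add("Reply-To %s is a different domain than From %s", a.Address, from.Address)
	}
	// Lookalike of a domain you trust.
	for _, t := range trusted {
		t = strings.ToLower(t)
		if fromDomain != t && foldLookalikes(fromDomain) == foldLookalikes(t) {
			add("sender domain %s resembles trusted domain %s", fromDomain, t)
		}
	}
	// Authentication-Results is written by the receiving server; anything short of pass is reported.
	ar := parseAuthResults(msg.Header.Get("Authentication-Results"))
	for _, m := range []string{"spf", "dkim", "dmarc"} {
		if ar[m] != "pass" {
			add("%s did not pass (result %q)", m, ar[m])
		}
	}
	return fs, nil
}

// Constructed sample: address-shaped display name, lookalike domain,
// redirected Reply-To, and DKIM/DMARC that did not pass.
const suspiciousMessage = `From: "it-support@corp.example" <helpdesk@c0rp.example>
Reply-To: replies@mailer.example
To: bob@corp.example
Subject: Password reset required
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=c0rp.example; dkim=none; dmarc=fail header.from=c0rp.example

Please confirm your password at the link below.
`

func main() {
	fs, err := Inspect(suspiciousMessage, []string{"corp.example"})
	fmt.Println("findings:", len(fs), "error:", err)
	for _, f := range fs {
		fmt.Println(" -", f)
	}
}
```

On the constructed sample this reports five findings (the display name, the Reply-To, the lookalike domain, DKIM and DMARC). A message with a plain display name, no Reply-To, an exact trusted domain and all three checks passing reports none, which is the point of the primary and final phases: a clean header is necessary, not sufficient.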

The processes listed above, although reasonably effective, take time and attention that could be spent elsewhere. Several email-compatible add-ons (OpenPGP and S/MIME implementations) make the process faster and more reliable. Most of them use public/private key cryptography both to validate the sender and to protect the contents, which lets you send sensitive information over the internet without the risk of exposure from interception. The scheme works as follows. Each user generates a key pair and keeps the private key securely stored on their own email client; the public key is handed to everyone they correspond with, and it does no harm for it to be public. To prove authorship, the sender signs a message with their private key, and anyone holding the matching public key can verify that the message came from that key's owner and was not altered afterwards. To keep contents confidential, the sender encrypts the message with the recipient's public key, and only the recipient's private key can decrypt it. The guarantee is only as strong as your confidence that a public key really belongs to the person you think it does, so verify the key's fingerprint over a second channel once, the same cross-platform check described above, and repeat that whenever a correspondent rotates keys. Rotating keys regularly limits the damage if a private key is ever exposed.
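An added example, not code from the article or from any particular add-on, of what the signing half of that scheme does, in Go with the standard library's Ed25519 implementation: Alice signs a message, her correspondents verify it with her public key, and the two things a verifying client must reject (an altered body, and a message signed by an impostor's key) both fail. Alice and Mallory and the invoice text are constructed for the example; the fingerprint is the value you would read out over the phone before trusting a key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Identity is one user's key pair. The private half stays on the owner's
// client; the public half is handed to every correspondent.
type Identity struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

// NewIdentity generates a fresh key pair from the system's random source.
func NewIdentity() (*Identity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Identity{Public: pub, private: priv}, nil
}

// Fingerprint is the short digest two people compare over a phone call or
// chat to confirm they hold each other's genuine public key. Without that
// step a valid signature only proves "some key signed this".
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

// Sign produces a detached signature over the exact bytes of the body.
func (id *Identity) Sign(body []byte) []byte {
	return ed25519.Sign(id.private, body)
}

// Verify reports whether sig was produced over body by the owner of pub.
// Malformed inputs are rejected rather than allowed to panic.
func Verify(pub ed25519.PublicKey, body, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, body, sig)
}

// Scenario plays out what a verifying client sees: Alice's genuine message,
// the same signature over an altered body, and a message Mallory signed
// while claiming to be Alice. It returns (genuine, tampered, impostor).
func Scenario() (bool, bool, bool, error) {
	alice, err := NewIdentity()
	if err != nil {
		return false, false, false, err
	}
	mallory, err := NewIdentity()
	if err != nil {
		return false, false, false, err
	}
	body := []byte("Please pay invoice 1042 to account 12345 by Friday.") // constructed
	sig := alice.Sign(body)

	genuine := Verify(alice.Public, body, sig)
	altered := []byte("Please pay invoice 1042 to account 99999 by Friday.")
	tampered := Verify(alice.Public, altered, sig)           // body changed in transit
	impostor := Verify(alice.Public, body, mallory.Sign(body)) // wrong private key
	return genuine, tampered, impostor, nil
}

func main() {
	genuine, tampered, impostor, err := Scenario()
	fmt.Println("genuine:", genuine, "tampered:", tampered, "impostor:", impostor, "err:", err)
}
```

Mallory's message fails not because her key is "bad" but because the verifier was given Alice's public key and nothing else. If Mallory could instead convince the recipient that her public key is Alice's, every check above would pass, which is why the fingerprint comparison over a second channel is the step that carries the trust.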

Using an encrypted email system might seem like just as much work as the manual validation described above, but modern email clients such as Thunderbird, Gmail, and Outlook automate the signing, verification, and encryption once the keys are set up. If you need an additional layer for extremely sensitive data, encrypt that information outside your email client with a pre-shared-key (symmetric) scheme such as AES-256 or Serpent, preferably in an authenticated mode such as GCM so that tampering is detected, and send the result as an attachment. The pre-shared key must reach the recipient by some route other than email; if it travels alongside the attachment, anyone who intercepts the message has both.
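An added example of that attachment step, again in Go and again not code from the article: the file is sealed with AES-256-GCM under a 32-byte pre-shared key, the filename is bound into the authentication tag so a blob cannot be passed off as a different file, and decryption refuses to return anything if a single bit of the blob or the filename has changed. The payroll CSV is constructed; the choice of GCM and of a random key (rather than one derived from a passphrase) are this example's assumptions, not the article's.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// NewPresharedKey returns 32 random bytes. It is exchanged once over a channel
// other than email (in person, or read out over the phone as hex) and reused
// for the attachments both parties send each other.
func NewPresharedKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, key)
	return key, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealAttachment encrypts plaintext with AES-256-GCM under key. The filename
// is authenticated as associated data. Output layout: nonce || ciphertext || tag.
func SealAttachment(key []byte, filename string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { // fresh nonce per file
		return nil, err
	}
	// Seal appends to its first argument, so the nonce becomes the prefix of the blob.
	return gcm.Seal(nonce, nonce, plaintext, []byte(filename)), nil
}

// OpenAttachment reverses SealAttachment. Any change to the blob, the key or
// the filename makes it return an error instead of garbage.
func OpenAttachment(key []byte, filename string, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns+gcm.Overhead() {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], []byte(filename))
}

// Roundtrip exercises the cases a recipient must handle. It returns
// (decrypted equals original, tampered blob rejected, renamed blob rejected).
func Roundtrip() (bool, bool, bool, error) {
	key, err := NewPresharedKey()
	if err != nil {
		return false, false, false, err
	}
	doc := []byte("Q3 payroll export (constructed sample)\nalice,4200\nbob,3900\n")
	sealed, err := SealAttachment(key, "payroll-q3.csv", doc)
	if err != nil {
		return false, false, false, err
	}
	back, err := OpenAttachment(key, "payroll-q3.csv", sealed)
	ok := err == nil && bytes.Equal(back, doc)

	flipped := append([]byte(nil), sealed...)
	flipped[len(flipped)/2] ^= 0x01 // one bit of ciphertext altered in transit
	_, err = OpenAttachment(key, "payroll-q3.csv", flipped)
	tamperRejected := err != nil

	_, err = OpenAttachment(key, "notes.txt", sealed) // same blob, different claimed name
	renameRejected := err != nil
	return ok, tamperRejected, renameRejected, nil
}

func main() {
	ok, tamper, rename, err := Roundtrip()
	fmt.Println("roundtrip:", ok, "tamper rejected:", tamper, "rename rejected:", rename, "err:", err)
}
```

The nonce is random and sent in the clear with the blob; what must stay secret is only the key. Reusing a nonce under the same key breaks GCM, which is why a fresh one is drawn for every file rather than, say, numbering them by hand.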

None of these mitigation strategies is perfect on its own. Protecting yourself from phishing is largely an information game with a bit of human psychology thrown in. Combined with each other, and with a healthy level of paranoia, these methods significantly reduce your chances of ever falling victim to a phishing attack.

Hi, I’m 3-Hat Information Security