Email Phishing: Better Be Safe than Sorry

By Stuart Mills, Technical Director at Invosys

As of January 2021, there were 4.66 billion active internet users worldwide.

This figure represents nearly two-thirds of the entire global population. Of this, 92.6% accessed the internet via a mobile device.

In the modern world, most professions require a device with an active internet connection. And as soon as the internet goes down, there’s little else to do than simply wait for the connection to return. Or you could try turning it off and back on again.

However, our reliance on Wi-Fi and connectivity could be to our detriment.

AN ADVANCED APPROACH

Devices connected to the internet are susceptible to contracting a virus. While there are many different types of computer viruses, ransomware is arguably the most dangerous.

As the name suggests, ransomware is a type of malware or malicious software designed to block access to certain files or perhaps to the whole computer system, rendering it unusable unless a ransom charge is paid (usually in cryptocurrency). Hackers use advanced ransomware to encrypt systems in this way via a local network, scanning each computer ‘host’ system before identifying a suitable target. In fact, cybercriminals can even access IP ranges reserved for private networks (known as ‘LAN’ systems), such as those beginning with 192.168., 172.16. or 10.

‘Wake-on-LAN’ commands are often sent out to wake computers that are hibernating, sleeping or shut down — the impact of which could be severe if a whole business’ IT infrastructure becomes the victim. Once unleashed, ransomware is notoriously difficult to dominate.

THE STATS DON’T LIE

Ransomware attacks have begun to hit stratospheric levels. In the second quarter of 2021, ransomware accounted for 69% of all cyber-attacks involving malware: a 30% jump from the same quarter of 2020. This year alone, THE UK HAS SEEN 14.6 MILLION RANSOMWARE ATTACK ATTEMPTS, with MORE THAN HALF OF UK-BASED ORGANISATIONS FALLING VICTIM.

2021 was undoubtedly the worst-recorded year for ransomware attacks to date. But why have we seen such a marked increase?

The primary reason for such a high volume of these attacks is that businesses are prepared to pay the required ransom to get their data back. Hackers are consistently rewarded on an enormous financial scale for their attacks.

As a result, cybersecurity specialists anticipate that by 2025, cybercrime could cost the world’s economy a mammoth £7.5 trillion a year. Each attack costs UK businesses an average of $840,000. Malware attacks are a serious risk to our hyper-connected world and, much to our dismay, is a threat that’s only getting more potent.

VIGILANCE IS KEY

Another easy way for hackers to hijack your computer is via email phishing.

Phishing emails arrive in your inbox with malware either in the attachment or embedded as a link within the body of the email itself. Once the recipient enters their details or opens the attachment, the virus can infect the computer system instantly.

We know what you’re thinking. Surely nobody is that easy to deceive?

Unfortunately, hackers have developed intelligent social engineering techniques to scare recipients into making decisions they typically wouldn’t, such as opening a dodgy-looking attachment or clicking on an unfamiliar link.

There are five key signs to look out for when trying to spot phishing emails.

1. AN UNFAMILIAR TONE OR GREETING

If the email purports to be from a colleague or someone you know, is it written in their usual tone? Have they addressed you in a way they usually wouldn’t?

2. GRAMMAR AND SPELLING ERRORS

Typos are common in phishing emails. While everyone makes a spelling mistake every now and again, errors could be an initial indicator that something isn’t right.

3. INCONSISTENCIES IN EMAIL ADDRESSES, LINKS AND DOMAIN NAMES

Often, the address you’ve received the email from is familiar and legitimate. However, most phishing attacks will have a ‘REPLY TO’ address that doesn’t match the sender’s.

4. THREATS OR A SENSE OF URGENCY

How often are ‘URGENT’ emails not preceded by or followed up with a call? A tell-tale sign that an email is malicious is if it requires you to take immediate and unexpected action.

5. SUSPICIOUS ATTACHMENTS

Are you expecting a file from the sender? Is the attachment in an unusual format? Always double-check the veracity of an attachment before opening it mindlessly.

We take cybersecurity seriously here at Invosys. If you’re ever unsure if you’ve been the target of a ransomware attack, you can get in touch with your Invosys Account Manager as normal, and we’ll help you take the best course of action. If you see something, say something!

By Stuart Mills, Technical Director at Invosys

As of January 2021, there were 4.66 billion active internet users worldwide.

This figure represents nearly two-thirds of the entire global population. Of this, 92.6% accessed the internet via a mobile device.

In the modern world, most professions require a device with an active internet connection. And as soon as the internet goes down, there’s little else to do than simply wait for the connection to return. Or you could try turning it off and back on again.

However, our reliance on Wi-Fi and connectivity could be to our detriment.

AN ADVANCED APPROACH

Devices connected to the internet are susceptible to contracting a virus. While there are many different types of computer viruses, ransomware is arguably the most dangerous.

As the name suggests, ransomware is a type of malware or malicious software designed to block access to certain files or perhaps to the whole computer system, rendering it unusable unless a ransom charge is paid (usually in cryptocurrency). Hackers use advanced ransomware to encrypt systems in this way via a local network, scanning each computer ‘host’ system before identifying a suitable target. In fact, cybercriminals can even access IP ranges reserved for private networks (known as ‘LAN’ systems), such as those beginning with 192.168., 172.16. or 10.

‘Wake-on-LAN’ commands are often sent out to wake computers that are hibernating, sleeping or shut down — the impact of which could be severe if a whole business’ IT infrastructure becomes the victim. Once unleashed, ransomware is notoriously difficult to dominate.

THE STATS DON’T LIE

Ransomware attacks have begun to hit stratospheric levels. In the second quarter of 2021, ransomware accounted for 69% of all cyber-attacks involving malware: a 30% jump from the same quarter of 2020. This year alone, THE UK HAS SEEN 14.6 MILLION RANSOMWARE ATTACK ATTEMPTS, with MORE THAN HALF OF UK-BASED ORGANISATIONS FALLING VICTIM.

2021 was undoubtedly the worst-recorded year for ransomware attacks to date. But why have we seen such a marked increase?

The primary reason for such a high volume of these attacks is that businesses are prepared to pay the required ransom to get their data back. Hackers are consistently rewarded on an enormous financial scale for their attacks.

As a result, cybersecurity specialists anticipate that by 2025, cybercrime could cost the world’s economy a mammoth £7.5 trillion a year. Each attack costs UK businesses an average of $840,000. Malware attacks are a serious risk to our hyper-connected world and, much to our dismay, is a threat that’s only getting more potent.

VIGILANCE IS KEY

Another easy way for hackers to hijack your computer is via email phishing.

Phishing emails arrive in your inbox with malware either in the attachment or embedded as a link within the body of the email itself. Once the recipient enters their details or opens the attachment, the virus can infect the computer system instantly.

We know what you’re thinking. Surely nobody is that easy to deceive?

Unfortunately, hackers have developed intelligent social engineering techniques to scare recipients into making decisions they typically wouldn’t, such as opening a dodgy-looking attachment or clicking on an unfamiliar link.

There are five key signs to look out for when trying to spot phishing emails.

1. AN UNFAMILIAR TONE OR GREETING

If the email purports to be from a colleague or someone you know, is it written in their usual tone? Have they addressed you in a way they usually wouldn’t?

2. GRAMMAR AND SPELLING ERRORS

Typos are common in phishing emails. While everyone makes a spelling mistake every now and again, errors could be an initial indicator that something isn’t right.

3. INCONSISTENCIES IN EMAIL ADDRESSES, LINKS AND DOMAIN NAMES

Often, the address you’ve received the email from is familiar and legitimate. However, most phishing attacks will have a ‘REPLY TO’ address that doesn’t match the sender’s.

4. THREATS OR A SENSE OF URGENCY

How often are ‘URGENT’ emails not preceded by or followed up with a call? A tell-tale sign that an email is malicious is if it requires you to take immediate and unexpected action.

5. SUSPICIOUS ATTACHMENTS

Are you expecting a file from the sender? Is the attachment in an unusual format? Always double-check the veracity of an attachment before opening it mindlessly.

We take cybersecurity seriously here at Invosys. If you’re ever unsure if you’ve been the target of a ransomware attack, you can get in touch with your Invosys Account Manager as normal, and we’ll help you take the best course of action. If you see something, say something!