This article is provided and written by Winsor Consulting.
Email phishing has become one of the most common and dangerous cyber threats businesses face. From small startups to large enterprises, no company is immune to phishing attacks, which can lead to financial loss, data breaches, and reputational damage. In fact, phishing is a key entry point for more complex attacks, such as Business Email Compromise (BEC), where cybercriminals gain access to company email accounts to perpetrate fraud.
In this blog, we’ll dive into what email phishing is, how it impacts businesses, and the essential steps you can take to protect your organization from these costly attacks.
Email phishing is a type of social engineering attack where cybercriminals attempt to deceive individuals into performing certain actions—such as clicking on malicious links, downloading infected attachments, or providing sensitive information (e.g., passwords or financial details). These emails often appear to come from a trusted source, like a business partner, bank, or even your company’s leadership. However, their goal is to compromise your personal and professional accounts, steal information, or infect your network with malware.
The consequences of falling victim to email phishing are severe. Phishing attacks can lead to:
While phishing emails have become more sophisticated, there are still common indicators you can look for to avoid falling into the trap:
1. Unexpected Requests: Emails asking you to click a link, update your password, or send money are common phishing tactics. Be cautious if the email creates a sense of urgency or pressure.
2. Suspicious Sender Details: Check for slight misspellings or variations in the email address (e.g., “@company.co” instead of “@company.com”).
3. Poor Grammar: Phishing emails often contain spelling and grammatical mistakes. Be wary of any email that looks unprofessional.
4. Suspicious Links or Attachments: Always hover over links before clicking to reveal their true destination. The text you see and the URL underneath it should point to the same domain; if they differ, or the destination is a domain you do not recognize, do not interact with the link. Likewise, do not open attachments you were not expecting.
This email looks like a legitimate OneDrive file-sharing notification. Sometimes the threat actor has already compromised another user and sends a real file from that user's OneDrive; opening it prompts you to sign in again. These are typically used to steal your credentials together with the session cookie issued after you complete MFA, which lets the attacker reuse your signed-in session without passing MFA themselves.
This email shows a link whose visible text differs from the URL it actually redirects to, which may be dangerous. If hovering over the link reveals a destination that does not match the text or the expected domain, please reach out to the Winsor Help Desk before opening it.
This type of email commonly targets administrative staff. It carries the name of a current employee but comes from an illegitimate email address. The sender will typically ask for their payroll information to be updated, ask a staff member to buy gift cards for other employees, or ask for an update on an invoice. These emails contain no malicious link or attachment, so there is nothing in them that compromises you or the organization technically; the damage comes from the conversation itself. The attacker will exchange a string of emails with a payroll person about the payroll update and eventually supply new ACH (bank account) details so that the money is sent to the wrong place.
Similar to the OneDrive link, Dropbox emails typically look legitimate; however, the shared file typically contains malicious content or redirects to a login prompt. Again, do not open the link unless you are expecting a Dropbox file.
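The sender and link checks described in the indicator list and the example emails above can be automated for triage. The script below is an added example written for this article, not Winsor's own tooling; the trusted-domain list, the similarity threshold and the embedded sample message are all constructed for illustration.

```python
"""Added example (not Winsor's tooling): flag two phishing indicators in a raw email,
a sender domain that is a near-miss of a trusted one, and links whose visible text
points to a different domain than their href. Everything below is an assumption
for illustration: trusted domains, threshold and the sample message are constructed."""
import difflib
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: domains this organisation treats as legitimate senders and link targets.
TRUSTED_DOMAINS = {"company.com", "sharepoint.com", "dropbox.com"}
LOOKALIKE_THRESHOLD = 0.8  # assumed cut-off for "too similar to be a coincidence"

# Constructed sample: lookalike sender domain plus a link whose text and href disagree.
SAMPLE_EML = """\
From: "Jane Doe (HR)" <jane.doe@company.co>
To: payroll@company.com
Subject: Shared file: updated direct deposit form
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please review the file I shared:
<a href="http://company-login.example.net/auth">https://company.sharepoint.com/shared/form.pdf</a></p>
<p>Questions? Use the <a href="https://company.com/portal">company.com/portal</a>.</p>
</body></html>
"""


class _Links(HTMLParser):
    """Collect (href, visible text) pairs from the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Naive registrable domain: the last two labels (fine here, not for public-suffix edge cases)."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def domain_of(text):
    """Hostname embedded in a string (URL with or without scheme), or None if it is not URL-like."""
    candidate = text if "://" in text else "http://" + text
    host = urlparse(candidate).hostname
    if not host or "." not in host or any(c.isspace() for c in host):
        return None
    return host


def lookalike(domain, trusted=TRUSTED_DOMAINS):
    """Trusted domains that `domain` resembles without matching exactly (e.g. company.co vs company.com)."""
    return sorted(t for t in trusted
                  if t != domain and difflib.SequenceMatcher(None, domain, t).ratio() >= LOOKALIKE_THRESHOLD)


def analyze(raw_email):
    """Return a list of indicator strings; an empty list means nothing was flagged."""
    msg = email.message_from_string(raw_email, policy=policy.default)
    findings = []

    # Indicator 2: sender address that is a near-miss of a trusted domain.
    _, addr = parseaddr(str(msg["From"] or ""))
    sender_domain = addr.rpartition("@")[2].lower()
    for t in lookalike(sender_domain):
        findings.append(f"SENDER_LOOKALIKE: {sender_domain} resembles {t}")

    # Indicator 4: what the link shows versus where it goes.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = _Links()
        parser.feed(body.get_content())
        for href, text in parser.links:
            parsed = urlparse(href)
            if parsed.scheme not in ("http", "https") or not parsed.hostname:
                continue  # mailto:, tel: and relative links carry no destination host to compare
            shown, real = domain_of(text), parsed.hostname
            if "xn--" in real:
                findings.append(f"IDN_HOST: {real} may be a homograph of a familiar domain")
            if shown and registrable(shown) != registrable(real):
                findings.append(f"LINK_MISMATCH: text shows {registrable(shown)} "
                                f"but href goes to {registrable(real)} ({href})")
            for t in lookalike(registrable(real)):
                findings.append(f"LINK_LOOKALIKE: {real} resembles {t}")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EML):
        print(finding)
```

Running it against the constructed message flags the `company.co` sender and the link whose text claims `sharepoint.com` but whose href lands on `example.net`; the genuine `company.com/portal` link passes. The two-label `registrable()` shortcut is deliberately simple: for production use, a public-suffix list is needed so that `co.uk`-style domains are compared correctly.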
Phishing attempts are on the rise, and cybercriminals are using more advanced methods than ever. Attackers can now automate phishing campaigns, making it easy to distribute emails en masse. One particularly dangerous tool is Evilginx, a reverse proxy that sits between the victim and the real login page (an adversary-in-the-middle attack). Because the victim is genuinely signing in to the real service through the proxy, the attacker captures not only the username and password but also the session cookie the service issues once Multi-Factor Authentication (MFA) has been completed. Code-based or push-based MFA does not stop this, since the victim completes it for the attacker; only phishing-resistant methods such as FIDO2/WebAuthn security keys, which are bound to the genuine site's origin, refuse to complete through a proxy.
For example, you might receive an email that seems to be from a legitimate contact, containing a link to a shared document on OneDrive. Upon clicking the link, you are directed to what looks like a legitimate Microsoft 365 sign-in page. In reality, that page is the attacker's proxy, which relays your sign-in to Microsoft and records your credentials and session token along the way. Once the attacker has the session, they can send emails from your account, steal data, and even register their own MFA method so they keep access after your password is reset.
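The sequence just described leaves a recognizable trace in sign-in telemetry: the session is created through the proxy's address, then used from a second address the user has never signed in from, and a new MFA method appears within the same hour. The detection below is an added example written for this article, not Winsor's tooling or any vendor's log schema; the event fields, the correlation window, the baseline IPs and the sample events are all constructed.

```python
"""Added example (not Winsor's tooling): correlate sign-in events for the adversary-in-the-middle
pattern described above. The event schema, baseline, window and sample events are assumptions
constructed for illustration, not a real tenant's log format."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=60)  # assumed: how long after sign-in we correlate follow-on activity

# Constructed baseline of IPs each user has signed in from before today.
BASELINE = {"alice": {"10.0.0.5"}, "bob": {"10.0.0.6"}}

# Constructed events. 10.0.0.x are office addresses, 203.0.113.7 plays the phishing proxy,
# 198.51.100.9 plays the attacker's own machine replaying the captured session.
EVENTS = [
    {"ts": "2024-05-01T08:00:00", "user": "alice", "event": "signin", "ip": "10.0.0.5", "session": "s-100"},
    {"ts": "2024-05-01T08:05:00", "user": "alice", "event": "activity", "ip": "10.0.0.5", "session": "s-100"},
    {"ts": "2024-05-01T09:10:00", "user": "alice", "event": "signin", "ip": "203.0.113.7", "session": "s-200"},
    {"ts": "2024-05-01T09:12:00", "user": "alice", "event": "activity", "ip": "198.51.100.9", "session": "s-200"},
    {"ts": "2024-05-01T09:15:00", "user": "alice", "event": "mfa_method_added", "ip": "198.51.100.9", "session": "s-200"},
    {"ts": "2024-05-01T09:20:00", "user": "bob", "event": "signin", "ip": "10.0.0.6", "session": "s-300"},
    {"ts": "2024-05-01T09:30:00", "user": "bob", "event": "activity", "ip": "10.0.0.6", "session": "s-300"},
]


def detect(events, baseline=BASELINE, window=WINDOW):
    """Return alerts for (a) a session used from more than one IP shortly after it was created and
    (b) an MFA method registered shortly after a sign-in from an IP the user had never used."""
    known_ips = defaultdict(set, {u: set(ips) for u, ips in baseline.items()})
    sessions = {}   # session id -> state accumulated from its events
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        user, sid, ip = e["user"], e["session"], e["ip"]
        if e["event"] == "signin":
            sessions[sid] = {"user": user, "start": ts, "ips": {ip},
                             "from_new_ip": ip not in known_ips[user], "replay_alerted": False}
        else:
            s = sessions.get(sid)
            if s is None:
                known_ips[user].add(ip)
                continue  # activity on a session we never saw created; nothing to correlate
            s["ips"].add(ip)
            recent = ts - s["start"] <= window
            # (a) A cookie captured by a proxy is replayed from the attacker's machine: two IPs, one session.
            if recent and len(s["ips"]) > 1 and not s["replay_alerted"]:
                s["replay_alerted"] = True
                alerts.append({"kind": "SESSION_REPLAY", "user": user, "session": sid,
                               "detail": f"session used from {sorted(s['ips'])} within {window}"})
            # (b) Persistence: new MFA method soon after a sign-in from an address the user never used.
            if recent and e["event"] == "mfa_method_added" and s["from_new_ip"]:
                alerts.append({"kind": "MFA_PERSISTENCE", "user": user, "session": sid,
                               "detail": f"MFA method added from {ip} {ts - s['start']} after sign-in from unknown IP"})
        known_ips[user].add(ip)
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert["kind"], alert["user"], alert["session"], alert["detail"])
```

On the constructed events only alice's session `s-200` fires, once for the replay from a second address and once for the MFA method registered minutes later; bob's ordinary office session and alice's earlier one are silent. In practice the same logic is run over the identity provider's sign-in and audit logs, and the response is to revoke the user's sessions, remove the unexpected MFA method, and reset the password, in that order, since a password reset alone leaves a stolen session cookie valid.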
To safeguard your business against email phishing, follow these best practices:
If you suspect you’ve received a phishing email or accidentally interacted with one, contact your IT team immediately. At Winsor, our Help Desk is here to assist you in identifying phishing emails, verifying suspicious links, and resolving any issues caused by a phishing attack. If you are a current Winsor client, reach out to us today for assistance.
Phishing remains one of the top cybersecurity threats to businesses today. By staying vigilant and implementing the right security measures, you can protect your organization from the financial and reputational risks associated with these attacks. Remember, educating your team and being cautious of unexpected email requests is key to preventing phishing incidents.
To learn more about how to safeguard your business from phishing, contact Winsor for a free consultation or IT security assessment.