Phishing Emails are Becoming More Sophisticated

Phishing emails are becoming more sophisticated, and cyber security best practices need to adjust to reflect that change. As a business owner, it can be frustrating to see that your employees are falling victim to phishing emails.


Many Phishing Emails Won’t Look Like Phishing Emails

By now, most educated employees know that certain emails don’t look right. Unfamiliar return addresses, links that seem strange, and spacing or grammar errors are just some of the obvious red flags that most employees recognize right away. But sophisticated phishing emails aren’t as telling. Rather than suspiciously asking you immediately for information, they’ll reference a recent event or incident, name-drop a higher-up in the company, or ask for information that seems legit and would be needed in certain situations. Once you’ve trusted what you see and clicked, it’s already too late.

Timing is Everything

A sophisticated phishing email will be well timed. Cyber criminals know that many of us are becoming more savvy about the emails we open and the steps we are willing to follow, but they also know how to gain our trust. A phishing actor may know when the system is undergoing maintenance, and will send you an email after the scheduled time asking for your login information for a system “reset”. Since you know that the system just underwent maintenance, you are more likely to trust the email and follow the instructions dutifully without further research. Not only are the actors themselves well aware of the timing, but the software they use will know what to look for and time the emails accordingly.

Phishing Actors Know You as a Target

Phishing has become much more sophisticated in an effort to gain your trust immediately. Attackers try to learn as much about your company as possible. The more they know, the more realistic their emails can be. Phishing actors will look to see what systems your company accesses regularly, who the employees are and what positions they hold, any recent news about the company that could be used to gain your employees’ trust, and whether there is any leaked information that could be used as a trap. A phishing email may open by referencing information that most employees believe is only available internally. They can clone the web page, email signature, and even employee names with a legitimate-looking email account. Many employees who consider themselves savvy can be fooled into following the steps in an email if the email looks right.

Constant Vigilance is Key in Cyber Security Best Practices

The best thing employees can do to protect themselves is to be aware of these sophisticated techniques and look at every email with a critical eye. If an email received from “IT” is asking for login credentials, a quick phone call or separate email to the IT contact confirming the request is sometimes all that’s needed. Hovering over the links to see the address, verifying the sender’s email, and keeping a sharp eye out for any inconsistency are the best safeguards. Your company must be vigilant about informing all employees of your cyber security best practices, whether working remotely or in the office.

The vast majority of employees want to believe that they would spot a phishing email and be smart enough to ignore it. But as phishing emails become more sophisticated, this isn’t always the case. As many employees continue working from home due to COVID-19, they are more likely to be willing to provide information via email. Training your employees to look at every email with a critical eye is part of the cyber security best practices your company should focus on. How does your cybersecurity stack up? AccuShred can help guide you through a self-assessment of your current strategies. Contact us today to learn more.