Cybercrime has been around for over 20 years, however, cybersecurity threats are constantly changing and evolving. Today, phishing attacks account for over 90% of security breaches. As the technology to combat this issue becomes more advanced and sophisticated, so too do the forms that phishing attacks take.

What is phishing?

Phishing is a form of social engineering in which the person sending an email masquerades as a trusted sender to gain the recipients’ trust and, consequently, to acquire their personal information. Unfortunately, as phishing attempts become more sophisticated, they also become more challenging to identify. For example, if a cybercriminal launches a Microsoft 365 phishing attack, the email received by the recipient may ask them to log into their Microsoft 365 account. The recipient will then be brought to a webpage that, due to the presence of Microsoft logos etc, will likely look legitimate. However, when the user logs into their account through this page, their credentials will be harvested by cybercriminals.

How does phishing work?

Cybercriminals are often devious and, therefore, design sophisticated attack vectors aimed at manipulating their victim. Phishing attacks can take a variety of different forms, however, the following seven are some of the most common.

1.     Spoofing Email Addresses

For many people, email addresses indicate trustworthiness: if an email appears to come from a legitimate source, it can be trusted, however, if an email does not come from a trusted source, there may be cause for suspicion. Although this method may have worked in the past, over time, cybercriminals have devised ways to disguise their true credentials and spoof email addresses.

There are two main ways cybercriminals go about doing this:

1.     Display name spoofing

2.     Cousin domains

Display Name Spoofing

Display name spoofing is when cybercriminals use a display name that looks legitimate e.g. [email protected], however, the email address under the display name is something different, such as [email protected] This is a particularly effective method of targeting mobile device users: most mobile device users are unlikely to expand the sender’s name to view the email address under the display name. Cybercriminals are aware of this and rely on it to successfully carry out attacks.

Cousin Domains

Cousin domains are email addresses that look almost identical to a legitimate email address but are, in fact, cybercriminal’s email addresses. For example, a cybercriminal may use the domain Microsoft.co rather than, Microsoft.com. Other common examples include apply-logins.net, apply-securities.com or apple-support.org. Moreover, criminals have also begun using complex and confusing subdomains such as [email protected].

2.     Emails Containing Threating or Enticing Language

Often, phishing emails contain threatening language to cause fear and encourage employees to act quickly. Usually, these emails can appear more credible by being purported as sent from colleagues or superiors within an organisation. Crucially, these emails are used to stoke fear and inspire action for fear of the consequences of inaction. A good example of this is an email sent to an employee using the CEOs email address, or a variation of it, asking for an urgent wire transfer. Requests such as these, and the language used during these attacks, stoke fear, cloud recipients judgement and cause them to make rash decisions that benefit cybercriminals.

3.     Targeted and Personal Attacks

In the past, phishy emails were easier to spot because senders would use generic greetings such as “dear customers.”  Employees knew that they should be wary of emails with an unusual register or greeting. However, in recent years as phishing attacks have become more sophisticated, so too have the tactics employed by cybercriminals to garner the trust of unsuspecting victims. Nowadays, phishing emails often include the victim’s name to cultivate a feeling of authenticity.

4.     Phishing Emails Continue to Improve

Often phishing attacks are launched from foreign countries by cybercriminals that are non-native English speakers. Therefore, grammar mistakes in emails can act as clues when employees are attempting to discern the credibility of the emails they receive. However, in recent years, emails have become more coherent and feature far fewer grammar mistakes. Nevertheless, grammar mistakes and a poor grasp of the English language often offers insight into the authenticity of an email. Thus, employees mustn’t simply skim, but rather read their emails carefully to ensure that they spot any subtle, or glaring grammar mistakes.

5.     Links Are Not Always What They Seem

Phishing emails, regardless of the tactics they employ, always contain a link. It is through clicking on these links, or filling in credentials on websites generated by these links, that cybercriminals gain access to sensitive information. Therefore, employees should hover over links before clicking on them to help establish whether a link is legitimate or not. Often, phishing emails will include prompts such as “Go to Microsoft 365 account” as well as a link, however, the link will actually take users to a phishing page that closely resembles a Microsoft page. Users should also be wary of shortened URLs which may be employed by phishers to bypass email filters and trick users. Moreover, they should treat URLs that do not end in .org or .com with caution. However, if users are in doubt, they can use IsItPhishing.AI to determine the legitimacy of a link.

6.     Phishing Links May Also Be Sent via Attachment

Although phishing emails always contain a link, the link may not always be in the body of the email: it may also be sent via an attachment. A phishy email, which appears as though it is from a legitimate sender, may ask the recipient to open the attachment and click on the link contained within it.

7.     Hackers Use Real Brand Images and Logos in Phishing Emails

Unfortunately, the presence of brand logos and trademarks is not an indication of the legitimacy of an email. Since brand images and logos are available in the public domain and easily downloadable, their presence does not serve as a guarantee that the email is trustworthy. Antivirus badges have even been inserted in phishy emails to increase their credibility. This issue is worsened by the fact that although email filters can spot a phishy URL, only machine learning and computer vision capabilities can spot counterfeit images.

Conclusion

Phishing attacks are a growing issue and it is vital that employees receive training and are cognisant of this form of cyber-attack. It is critical that organisations have procedures in place to combat this issue and that they understand that deleting a phishy email is not a solution. As a Vade Secure partner, Stryve offers a solution that guarantees protection and peace of mind.

Vade Secure is the global leader in predictive email defence, protecting 600 million mailboxes in 76 countries. The Vade Secure solution helps small businesses protect their Microsoft 365 users from advanced email threats, including phishing, spear phishing, and malware.

Vade Secure for Microsoft 365 is the only native email security solution for Microsoft 365, and it combines powerful, AI-based threat detection with a simple configuration based on a once-off set-up. It blocks attacks from the very first email by using machine learning models that perform real-time analysis of the entire email, including any URLs included in the mail and any attachments. With a Vade Secure solution in place, and the help of experts like us, companies can feel assured that their brand and business is always protected.