The number of cyber breaches skyrocketed during the pandemic as bad actors targeted newly remote workers who lacked adequate security protection and sufficient training to spot hacking and phishing attempts. Phishing attacks account for almost 30% of alerts at Pondurance, the most frequent alert that we see. Attackers are getting more sophisticated and leveraging current events like COVID-19 and tax season to deploy new attacks. In 2020, attackers launched a global phishing campaign targeting the COVID-19 vaccine cold chain. IBM noted that the attackers hit the European Commission’s Directorate-General for Taxation and Customs Union, as well as European and Asian companies involved in the supply chain, possibly to harvest credentials for future use. And just this past Tuesday, April 30, 2021, the IRS warned of a tax refund phishing scam targeting college students and staff that claims they have a pending refund.
Such phishing emails can be convincing because they use the agency logo and urgent subject lines to make end-users think they need to take immediate action. Once end-users click on the link in the email, they could be taken to a fake form that collects personally identifiable information, or the link could launch malware on the user’s local machine. For employees using their work machines, this could cause a ripple effect, enabling further compromise of the network or elevated access via the organization’s domain controller. How would a student, employee, staff member, or nurse know not to click on the email or link? There are some telltale signs and best practices that can help prevent phishing attempts from being successful.
What are the telltale signs of phishing?
There are some obvious signs that an email is a phishing attempt. Attackers are smart but do not always use the tone or greeting that you would expect to see from the sender. Phishing emails also tend to convey an unusual sense of urgency, often coupled with bad grammar and spelling errors.
Some of the most important things to look for are the email address, link, and domain name. If the domain name or email address doesn’t match what you usually see from the sender, that is a red flag. For example, an email claiming to come from the IRS but sent from IRS@gmail.com or email@example.com would be a sign of phishing. The IRS domain name would be in the sender’s email address if it were actually coming from that organization.
If the link or domain name looks unfamiliar or suspicious when hovering over it in the email, that is another sign that the email could be a phishing attempt. It is best to train students and staff to report these emails to their IT department or flag the email as spam. Most email clients have a built-in option for reporting or flagging a message this way.
It is important for tax filers like students and staff to understand that the IRS would never reach out requesting additional information or access to personally identifiable information.
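The telltale signs above (a sender address whose domain does not match the organization it claims to be, a link whose real target differs from what the hover text shows, and urgency wording in the subject) can be turned into a simple automated triage check. The script below is an added example written for this post, not Pondurance’s code or part of any product; it uses only the Python standard library. The organization-to-domain table, the list of public mailbox domains, the urgency keywords and the sample message are all constructed for illustration, and the domain extraction is a crude last-two-labels approximation rather than a public-suffix lookup.

```python
"""Flag the phishing signs described in the post in a raw email message.

Added example, not Pondurance's code. Heuristics only: a real deployment
would maintain the sender table per organization and use a public-suffix list.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed mapping: organization name as it appears in a display name -> legitimate domain.
KNOWN_SENDERS = {"irs": "irs.gov"}
# Constructed list of public mailbox providers no agency would send official mail from.
PUBLIC_MAILBOX_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
# Constructed urgency vocabulary.
URGENCY_WORDS = ("immediate", "urgent", "act now", "within 24 hours", "suspended")


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None


def registrable_domain(host):
    """Crude approximation of the registrable domain: the last two labels."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def analyze(raw_message):
    """Return a list of human-readable findings for one raw RFC 822 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. Sender: display name claims an organization whose domain the address does not use.
    display_name, addr = parseaddr(msg["From"] or "")
    sender_domain = registrable_domain(addr.split("@")[-1]) if "@" in addr else ""
    claimed = None
    for org, legit in KNOWN_SENDERS.items():
        if re.search(rf"\b{org}\b", display_name, re.I) or re.search(rf"\b{org}\b", addr.split("@")[0], re.I):
            claimed = legit
    if claimed and sender_domain != claimed:
        findings.append(f"sender claims {claimed} but address domain is {sender_domain}")
    if sender_domain in PUBLIC_MAILBOX_DOMAINS:
        findings.append(f"sender uses public mailbox domain {sender_domain}")

    # 2. Links: the hover target vs the claimed sender, and the hover target vs the visible text.
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkExtractor()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        target = registrable_domain(host)
        if claimed and target != claimed:
            findings.append(f"link to {target} does not belong to claimed sender {claimed}")
        shown = re.search(r"https?://([^/\s]+)", text)
        if shown and registrable_domain(shown.group(1)) != target:
            findings.append(f"link text shows {shown.group(1)} but points to {host}")

    # 3. Subject: urgency wording.
    if any(w in (msg["Subject"] or "").lower() for w in URGENCY_WORDS):
        findings.append("subject uses urgency wording")
    return findings


# Constructed sample modelled on the tax-refund lure the post describes; not a real message.
SAMPLE = """\
From: "IRS Refund Dept" <irs@gmail.com>
To: student@example.edu
Subject: URGENT: pending tax refund - act now
Content-Type: text/html; charset="utf-8"

<html><body><p>Claim your refund at
<a href="http://irs-refund-portal.example.net/claim">https://www.irs.gov/refund</a></p></body></html>
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print("-", finding)
```

Run against the constructed sample, the checker reports all five signs: the sender claims irs.gov but sends from gmail.com, gmail.com is a public mailbox domain, the link points outside irs.gov, the visible link text disagrees with the real target, and the subject uses urgency wording. A message from a campus address with no organization claim, no links and a plain subject produces no findings. The word-boundary match on the organization name avoids false hits on words such as "first" that merely contain "irs".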
What is the best way to train end-users to detect phishing?
In our recent example, the attackers are targeting students with an IRS tax refund phishing scam. If students were required to attend a short security awareness training on how to detect phishing emails, they could be better prepared to defend themselves and the school’s network against a phishing attack. This could be done remotely too! Ideally, there would be an email address or another easy way to notify the IT department about a suspicious email so that the end-user could alert IT without friction. Depending on the sophistication of the attacker and their goals, a successful phish could escalate into a ransomware attack that disrupts the school’s network.
Since so many modern attacks target users through phishing attempts, it is best to educate end-users so they know how to detect malicious links or attempts to access their devices. At the same time, it is important to have adequate prevention, detection, and response strategies supported by 24/7 monitoring. This ensures that users are supported by techniques that reduce the risk and impact of phishing attacks.
Learn more about how a managed detection and response (MDR) provider can help with 24/7 monitoring, as well as other services, in our webinar: Demystifying MDR for the Security Conscious Buyer.