The number of cyber breaches skyrocketed during the pandemic as bad actors targeted newly remote workers who lacked adequate security protection and sufficient training to spot hacking and phishing attempts. Phishing attacks account for almost 30% of alerts at Pondurance, making them the most frequent alert that we see. Attackers are getting more sophisticated and are leveraging current events like COVID-19 and tax season to deploy new attacks. In 2020, attackers launched a global phishing campaign targeting the COVID-19 vaccine cold chain. IBM noted that the attackers hit the European Commission’s Directorate-General for Taxation and Customs Union, as well as European and Asian companies involved in the supply chain, possibly to harvest credentials for future use. And on Tuesday (3/30), the IRS warned of a tax-refund phishing scam that targets college students and staff by telling them they have a pending refund.
Such phishing emails can be convincing because they use the agency logo and urgent subject lines to make the end user think they need to take immediate action. Once the end user clicks on the link in the email, they could be taken to a fake form that collects personally identifiable information, or the link could launch malware on the user’s local machine. For employees using their work machines, this could cause a ripple effect, leading to further issues on the network or elevated access via the organization’s domain controller. How would a student, employee, staff member or nurse know not to click on the email or link? There are some telltale signs and best practices that can help prevent phishing attempts from being successful.
What are the telltale signs of phishing?
There are some obvious signs that an email is a phishing attempt. Attackers are smart, but they do not always use the tone or greeting that you would expect to see from the sender. Their emails also tend to have an unusual sense of urgency coupled with bad grammar and spelling errors.
Some of the most important things to look for are the email address, link and domain names. If the domain name or email address doesn’t match what you usually see from the sender, that is a red flag. For example, IRS@gmail.com or firstname.lastname@example.org would be signs of a phishing email claiming to be from the IRS. The IRS domain name should be in the sender’s email address if the email actually came from their office.
If the link or domain looks unfamiliar or suspicious when you hover over it in the email, that is another sign that the email could be a phishing attempt. It is best to train students and staff to report these emails to their IT department or flag the email as spam. A reporting or spam-flagging option can be turned on in most email clients.
It is important for tax filers like students and staff to understand that the IRS would never reach out requesting additional information or access to personally identifiable information.
What is the best way to train end users to detect phishing?
In our recent example, the attackers are targeting students with an IRS tax-refund phishing scam. If students were required to attend a short security awareness training on how to detect phishing emails, they could be better prepared to defend themselves and the school’s network against a phishing attack. This could be done remotely too! Ideally, there is an email address or an easy way in the email client to notify the IT department, so that the end user can quickly alert IT. Depending on the sophistication of the attacker and their goals, the attack could disrupt the school’s network with a ransomware attack.
Since so many modern attacks target users through phishing attempts, it is best to educate end users so they know how to detect malicious links or attempts to access their devices. At the same time, it is important to have adequate prevention, detection, and response strategies supported by 24 x 7 monitoring. This ensures that users are supported by techniques that can reduce the risk and impact of phishing attacks.
Learn more about how an MDR provider can help with 24 x 7 monitoring as well as other services in our webinar: Demystifying MDR for the Security Conscious Buyer