Phishing. Nothing Is What It Seems: How Not To Get On The Hook of the Internet Fraudsters
Photo on GettyImages
What Did You Learn From Your Mistakes?
How often do you follow the wise advice from the “Measure Twice, Cut Once” proverb? And this one: “Trust, but Verify”?
After the incident that happened to me, I could say I did become wiser.
Once, I got an email from my boss. He asked me to pay the bill of an auditing firm, whose services we had recently used. At the bottom of the message body, there was an application form, where I had to enter my credit card details.
Without a second thought, I took out my bank card and filled out the appropriate fields: card number, expiration date, CVV code, and the sum of the payment. I double-checked what I had entered and then sent the email.
It was a real ‘surprise’ to me when, a few days after, I received a message from the auditing company asking about the payment for their services…
During our internal investigation, it turned out that my boss had not sent me that email… It had been the fraudsters who did. And because I did not block my card in time – all my money were stolen.
It was a personal tragedy for me. The company fared far more badly: not only it lost money, but reputation too, which is even worse.
If we look at the bigger picture, the financial loss of our small company cannot be compared to those that large companies and enterprises experience. The financial losses that auditing, banking, and financial institutions suffer from hackers’ attacks are enormous and may exceed several hundreds of millions of dollars a year.
The Main Type of Email Fraud
After studying the problem in more detail, I discovered that I had become the victim of a widespread corporate phishing.
Phishing is the main type of email fraud that aims to steal confidential information (billing information, credit card details, bank credentials (username and password), email account information, financial information, etc.).
The most popular way of phishing is mass mailing (spam). I should note that I provided the data voluntarily, nobody threatened me. This is one of the specificities of phishing attacks: the victims provide their data willingly.
Interestingly, the word phishing derives from English. It is formed from a combination of two other English words: fishing (fishing, scouting) and password. After my “experience”, I asked myself only one question: how can I protect myself from phishing and not be the one who “swallowed the bait”?
There are many basic rules you can follow in order to prevent phishing attacks. Here are some of them:
- Never and under no circumstances give your credit card details to anyone.
- Do not click the links in the content of an email – they can redirect you to phishing sites.
- Pay attention to the design and name of a site in the address bar of the browser: spelling mistakes of even one letter can indicate that the site is a phishing one.
- When you visit bank sites, a secure https connection sign must be present in the address bar.
- Pay special attention to the letters in the subject line of an email indicating that you are a winner of something or that your account was hacked – fraudsters could send them.
- Do not click or save attachments you did not request.
- Never share or give your personal information via email.
What You Can Do About It
The entries listed above are preventive rules which can only warn you about the attack. But only one solution can provide a complete protection and really defend your email from major network threats, and even your own accidental mistakes.
It is called StealthMail.
StealthMail is the add-In for Microsoft Outlook, which ensures the security and privacy of your business correspondence. The service encrypts the message content separately and, also separately, its attachments.
This solution not only provides multi-layered protection for your email correspondence from all sorts of cyber-attacks but, more importantly, it eliminates the possibility of the implementation of one.
All communication takes place inside the secure perimeter of your company. At the same time, you can only email users who have the app installed on their devices and who are authorized. Moreover, only you decide who can receive and view your messages.
Would You Communicate with Strangers?
The StealthMail email security and data protection solution is based on the identification of both parties: the sender and recipient.
To let communication happen between the two parties, the sender and the receiver must have their “passport”. In StealthMail Add-In, the “passport data” is a multi-stage identification process of each participant. Only when both sides have confirmed their ID’s and, thus, were recognized by the service, they will be able to continue communication.
The process of sending emails through the service looks like this:
- Authenticating the user with the email address and device.
- Authorizing the user in the application.
- Establishing a secure communication channel between the sender and the recipient.
- Creating a digital signature for a message.
- Multiple mixing and encryption of the contents of the email and its attachments.
- Creation of Stealth Link of the content and attachment.
- Transferring encrypted content as a link via email.
To read a message, the application installed on the recipient’s side performs the same operations as when the email is sent, but in the reverse order. It is fair to say that to read a message, the application checks the “passport data”.
After confirmation that the identification has been completed, the service decrypts the message.
In other words, with the StealthMail Add-In solution installed on your device, the chances of executing a phishing attack equal zero, i.e. it becomes impossible because you know for sure the person claiming to have written the email actually is that person.
It’s time we became a little bit wiser and took care of protecting our email! With StealthMail Add-In you can feel safe as you know exactly the person you are emailing with.
To learn more about this solution, please visit StealthMail.com.