A successful phishing attack on your business can be a real disaster. According to APWG's Phishing Activity Trends Report, the average amount requested in a business email compromise (BEC) wire-transfer attempt is now more than $80,000, and that is before counting clean-up, downtime and reputational damage.

To give an idea of the scale of this 'industry', APWG detected 146,994 phishing sites in the second quarter of 2020, compared to 165,772 in the first quarter. Cybercriminals are getting better and better at making us believe that the emails we receive are genuine when, in fact, they are scams. Most phishing sites now use valid TLS (SSL) certificates, so the padlock in the browser only tells you that the connection is encrypted, not that the site is legitimate. To catch even the most realistic messages, good and continuous training of employees is key to avoid falling victim to these or any other attacks.

The most commonly used fake senders

When attackers target your business, they impersonate an organisation you know or trust: banks, telecoms operators, security vendors, the post office, parcel couriers, or even an online shop. The most commonly used fake senders are:

  • Banks and savings banks. The aim is to get hold of card numbers, coordinates cards (the grids of one-time codes some banks issue), PINs, etc.
  • Official bodies, such as the AEAT (the Spanish tax agency), to infect the computer, steal private and banking data and defraud the user financially.
  • Online payment providers (such as PayPal, Mastercard, Visa, etc.). Again, the main motivation is to steal bank details.
  • Social networks, in order to take over users' accounts, obtain their private data and impersonate them. An impersonated company account can be a major blow to confidence in your business.
  • Marketplaces and auction sites (such as Amazon or eBay). These lures can be used to scam you or your customers.
  • Help desk and technical support. Here the attackers try to steal accounts and gain access to personal data and files.
  • Other services, such as cloud storage or parcel delivery. In both cases the goal may be to access your data and, with it, your banking credentials.

Signs in a message that should make you suspicious

The email subject that has proven most effective in phishing campaigns is an urgent request to verify a password immediately. It is estimated that almost 4 out of 10 users (39%) fall for it. Other subjects are also successful. Social networks are widely used as a lure, especially LinkedIn: 55% of phishing messages mentioning it got a click, compared to a 28% success rate when Facebook is the subject.

The ten phishing subject lines with the highest click rates are:

  • Password change required immediately (26%)
  • Microsoft / Office 365: Email deactivation in process (14%)
  • Password verification required immediately (13%)
  • HR: Salary increase (8%)
  • Dropbox: Document shared with you (8%)
  • IT: Scheduled server maintenance – No internet access (7%)
  • Office 365: Change your password immediately (6%)
  • HR warning on the use of personal items (6%)
  • Airbnb: New device login (6%)
  • Slack: Reset password for account (6%)

If you were not expecting the message, be suspicious. Messages saying that suspicious activity or login attempts have been noticed, that there is a problem with your account or payment information, or that you need to confirm certain personal details are usually fake unless you specifically requested them. Likewise, an unexpected invoice, a request to click on a link to make a payment, or an offer of a coupon for free goods should set the alarm bells ringing immediately. Two quick checks help: hover over the sender to see the real address behind the display name, and hover over each link to compare the destination with the text shown.
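The red flags above, and the brand impersonation described in the sender list earlier, can be turned into a simple triage script. The following is an added example, not code from the original article: it parses raw email messages with Python's standard `email` library and scores each one for a brand in the display name that does not match the sending domain, a Reply-To pointing elsewhere, an urgent password-themed subject, lure phrases in the body, and links whose visible text differs from their real destination. The brand-to-domain map, the thresholds and the two sample messages are constructed for the example; the `registered_domain` helper is a crude last-two-labels approximation, and a real deployment would use a public-suffix list.

```python
"""Heuristic phishing triage over raw RFC 5322 messages (added example)."""
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

# Brands the article lists as commonly impersonated, mapped to the registered
# domain each really sends from. Assumed for this example; extend as needed.
KNOWN_BRANDS = {
    "paypal": "paypal.com", "microsoft": "microsoft.com",
    "office 365": "microsoft.com", "dropbox": "dropbox.com",
    "amazon": "amazon.com", "slack": "slack.com",
    "airbnb": "airbnb.com", "linkedin": "linkedin.com",
}
# Subject lures taken from the article's top-10 list.
URGENT_SUBJECT = re.compile(
    r"password|immediately|deactivation|new device login|scheduled server maintenance", re.I)
# Body lures the article describes: account problems, login attempts, invoices, coupons.
BODY_LURES = re.compile(
    r"suspicious activity|login attempt|problem with your (?:account|payment)|"
    r"confirm your (?:personal |account )?(?:information|details)|invoice|"
    r"make a payment|coupon|\bfree\b", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
TAGS = re.compile(r"<[^>]+>")
HOST_IN_TEXT = re.compile(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def registered_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels); fine for the sample data here."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def score_message(raw: bytes) -> dict:
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    sender = msg["From"].addresses[0] if msg["From"] and msg["From"].addresses else None
    display = (sender.display_name if sender else "").lower()
    sender_domain = registered_domain(sender.domain) if sender else ""
    subject = msg["Subject"] or ""

    # 1. A known brand is named, but the mail does not come from that brand's domain.
    for brand, real_domain in KNOWN_BRANDS.items():
        if (brand in display or brand in subject.lower()) and sender_domain != real_domain:
            findings.append(f"claims to be {brand!r} but From domain is {sender_domain!r}")
            break
    # 2. Replies are steered to a different domain than the one in From.
    reply_to = msg["Reply-To"]
    if reply_to and reply_to.addresses:
        rt_domain = registered_domain(reply_to.addresses[0].domain)
        if rt_domain != sender_domain:
            findings.append(f"Reply-To domain {rt_domain!r} differs from From domain")
    # 3. Urgency or credential theme in the subject line.
    if URGENT_SUBJECT.search(subject):
        findings.append("urgent or password-themed subject")
    # 4. Lure phrases and deceptive links in the body.
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    if BODY_LURES.search(TAGS.sub(" ", body)):
        findings.append("body contains lure phrase")
    for href, text in ANCHOR.findall(body):
        href_hostname = urlparse(href).hostname or ""
        href_host = registered_domain(href_hostname)
        if IPV4.fullmatch(href_hostname):
            findings.append(f"link points to bare IP address {href_hostname!r}")
        shown = HOST_IN_TEXT.match(TAGS.sub("", text).strip())
        if shown and registered_domain(shown.group(1)) != href_host:
            findings.append(f"link text shows {shown.group(1)!r} but points to {href_host!r}")

    score = len(findings)
    verdict = "phishing" if score >= 3 else "suspicious" if score else "clean"
    return {"from": sender.addr_spec if sender else "", "score": score,
            "verdict": verdict, "findings": findings}


# Constructed sample messages (not real mail). Domains use reserved example names.
PHISH_SAMPLE = b"""\
From: PayPal Security <alerts@paypa1-support.example>
Reply-To: verify@mail-collector.example
To: finance@example.com
Subject: Password verification required immediately
Content-Type: text/html; charset="utf-8"

<p>We noticed suspicious activity on your account.</p>
<p><a href="http://198.51.100.7/login">paypal.com/verify</a></p>
"""
CLEAN_SAMPLE = b"""\
From: Ana Lopez <ana.lopez@example.com>
To: finance@example.com
Subject: Minutes from today's budget meeting
Content-Type: text/plain; charset="utf-8"

Attached are the minutes we agreed on. Let me know if I missed anything.
"""

if __name__ == "__main__":
    for sample in (PHISH_SAMPLE, CLEAN_SAMPLE):
        result = score_message(sample)
        print(result["from"], result["verdict"], result["findings"], sep="\n  ")
```

The score is deliberately a plain count of independent signals: a genuine password-reset notice from the real sender domain will still register one finding and land in the "suspicious" tier, which is the right outcome for a triage aid that hands the decision to a person rather than deleting mail on its own.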

Although email filters are getting stronger and stronger, the ingenuity and skill of criminals sometimes outpaces that of security vendors, so it is not surprising that a message occasionally slips into your inbox. That is why it never hurts to add extra layers of protection. Measures such as endpoint immunisation or operational intelligence can really help your business.