Top five email phishing attack lures revealed and how to prevent them
Phishing remains one of the top threats seen by organisations today. Threat actors use various social engineering tricks to convince users that their requests for information or money transfers are legitimate.
Proofpoint has compiled a list of the top five email lures that compel people to click:
- Please see your invoice attached: “Money” lures are the most popular with phishing attackers by a long shot. They account for almost half of all observed phishing campaigns.
- Click here to open your scanned document: These have an inherent urgency, coupled with a historic association of fax with phone lines and audio, which aren't naturally associated with malware.
- Your package has shipped – your shipping receipt is attached: While some of these employ stolen branding from major shipping and delivery vendors in order to create a more realistic and convincing email, others purport to be directly from the vendor instead of the delivery service.
- I want to place an order for the attached list: Similar in style and technique to invoices and order confirmations, “business transaction” email lures are different in that they claim to relate to potential future business.
- Please verify this transaction: Typically appear to be from a bank or other financial institution and lure the user with the news of an electronic or online payment intended for the recipient once they've verified or corrected the account information in the attached document.
In order to protect your organisation, users and your data against the latest phishing attacks, Proofpoint recommends the following:
- Invest in mail gateway solutions that are able to detect and prevent advanced attacks and those that do not involve malware.
- Don't allow emails with attached executable code to be delivered and don't let people share code over email. Enact simple rules that block .exe or .js attachments to prevent obvious malicious exploits from entering your environment.
- Deploy security solutions that can correlate activity across threat vectors.