Connect-IO

Company Newsletter


Don't Get Hooked
"Phishing in the World’s Largest Pool"


What is Phishing?


     Anyone who uses the internet can be a target for phishing attacks, but what is phishing? Phishing is the attempt to obtain sensitive information such as usernames, passwords and even credit card details through deception and/or impersonation. It is typically carried out by email spoofing and often directs users to enter personal information at a fake website whose look and feel are identical to the legitimate one; the only difference is the website's URL. Often the URL is close to, but not the same as, the target website's (e.g. www.pay-pal.com instead of www.paypal.com). Communications purporting to be from trusted sources such as social web sites, auction sites, banks, or even company IT admins are often used to lure victims.

     Phishing attacks can, if successful, pose a significant threat to individuals and companies. They can result in identity theft, loss of productivity, and pharming*.

* Pharming is another scam where an attacker installs malicious code on a personal computer or server. This code then redirects any clicks you make on a website to another fraudulent website without your consent or knowledge.



Types of Phishing:

  • Phishing is an untargeted form of email spam where the sender tries to impersonate an individual, entity, or trusted contact - but is not specifically aimed at the recipient.

  • Spear Phishing is a targeted form of phishing in which fraudulent emails are aimed at specific individuals in an effort to gain access to confidential information. Its tactics include impersonation, enticement, and bypassing controls such as email filters and antivirus. The objective of spear phishing is ultimately to trick a target into opening an attachment or clicking on a malicious embedded link.

  • Clone Phishing is a type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version to the original.

  • Whaling or CEO Fraud is a phishing attack that has been directed specifically at senior executives and other high-profile targets within businesses. Emails will appear to be from trusted sources and are highly personalized (may contain names and/or job titles). These attacks are more difficult to detect because they are so personalized and are sent only to select targets within a company.


Protecting Yourself!

     Phishing emails have continued to grow as an attack vector for ransomware. PhishMe, a crowdsourced service for reporting phishing emails, collects the phishing emails its users report. [1] The Q1 2016 statistics reported by PhishMe show that 92% of the phishing emails they collected contained ransomware; their Q3 statistics showed that number rise to 97.25%. [2]

     With the volume of email sent, and ransomware now accounting for 50% of all phishing emails, it is not a matter of IF you will eventually be targeted by these attacks, but WHEN. It is important that we understand the threat posed by phishing and the dangers it brings.

     An example of a typical phishing email is shown below. We will take a look at some key elements of this email, so you don’t get hooked.


PayPal Phishing Example

*Note: We do not advise anyone to open a spam email or click any links inside of it.


  • First, it looks official. It has the PayPal logo and appears to be a legitimate email. The attackers want you to believe that the email is legitimate, and they will use any means necessary to give you a false sense of security.

  • Second, it alerts the user that the account has made recent purchases. These types of tactics are meant to make you react without thinking about what it is you are clicking on. If you see something like this be mindful about what you are clicking on, before it is too late.

  • Third is the transaction ID link. If clicked, it would take you to a spoofed login page where you would enter your login credentials. This hands your information to the attackers while you think you are simply updating your account information.

The easiest steps to protect yourself from a phishing attempt are:

  • DO NOT CLICK LINKS IN YOUR EMAIL. This may seem like common sense, but many of us skim through our emails without really thinking about the potential harm they can cause.

  • If you find an email, like the one above, saying that you need to log in to update your account information:
    • Open a web browser,
    • Navigate to the correct website.
    • If there is truly something wrong with your account, it will be displayed inside the website.

  • Check the sender of the email. This is your first line of defense. Does the sender's email address look legitimate? A common thing to look for is a string of random characters in the sender's name (e.g. lkjhewhrk8763@paypal.com).

  • DO NOT DOWNLOAD ANYTHING. Check to see whether the email has any attachments. You may think that everything is safe, but the attachments could contain malicious content. If you do have to open an attachment, check it first by uploading it to Google Drive and opening it in their platform. This is a safe environment: most malicious attachments will not open, and Google will give you an error.

  • Lastly, you can just delete the email. The safest thing for anyone to do if they don't recognize an email is to delete it. This will ensure that if there was anything malicious it has been removed and won't accidentally be opened later on.

*If you still have concerns about your account, you can always give the company a call and have them check.

     In the example, we used a fraudulent email purporting to be from PayPal, but phishing emails can come in any shape or form.
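As an added illustration of two of the checks above (the lookalike URL from the "What is Phishing?" section and the sender-address check), here is a small Python script. It is not part of this newsletter; the trusted-domain list, the sample hostnames and addresses, and the lookalike heuristic are all constructed assumptions, and a real mail filter would use the Public Suffix List and a much richer comparison.

```python
"""Added example, not from the Connect-IO newsletter: flag lookalike link
hosts and suspicious sender addresses. All domains/addresses are constructed."""
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list: brands the reader actually holds accounts with.
TRUSTED_DOMAINS = {"paypal.com"}


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (a simplification of the Public Suffix List)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def looks_like(brand: str, candidate: str) -> bool:
    """True when candidate imitates brand once hyphens/dots and common
    digit-for-letter swaps (pay-pal, paypa1) are removed, but is not brand."""
    def norm(name: str) -> str:
        label = name.split(".")[0]                 # second-level label only
        label = re.sub(r"[-_.]", "", label)
        return label.translate(str.maketrans("013", "ole"))
    return candidate != brand and norm(candidate) == norm(brand)


def host_verdict(host: str) -> str:
    """'trusted' (on the allow-list), 'lookalike' (imitates a trusted brand,
    or hides the brand name in a subdomain of another domain), or 'unknown'."""
    dom = registrable_domain(host)
    if dom in TRUSTED_DOMAINS:
        return "trusted"
    labels = host.lower().split(".")
    for brand in TRUSTED_DOMAINS:
        if looks_like(brand, dom) or brand.split(".")[0] in labels[:-2]:
            return "lookalike"
    return "unknown"


def check_url(url: str) -> str:
    """Classify the host a link actually points at (not its visible text)."""
    if "://" not in url:
        url = "http://" + url
    return host_verdict(urlparse(url).hostname or "")


def check_sender(from_header: str) -> list[str]:
    """Return warnings for a From: header value; an empty list means nothing odd."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable address: " + from_header]
    local, _, domain = addr.rpartition("@")
    warnings = []
    if host_verdict(domain) == "lookalike":
        warnings.append("lookalike sender domain: " + domain)
    # Random-looking mailbox name (the lkjhewhrk8763 pattern): a long run
    # with no vowels, or a run of three or more digits.
    if re.search(r"[^aeiou@.]{6,}", local.lower()) or re.search(r"\d{3,}", local):
        warnings.append("random-looking mailbox name: " + local)
    # Display name drops a brand that the real address domain does not belong to.
    for brand in TRUSTED_DOMAINS:
        if brand.split(".")[0] in display.lower() and registrable_domain(domain) != brand:
            warnings.append(f"display name mentions {brand} but address is @{domain}")
    return warnings


if __name__ == "__main__":
    # Constructed samples mirroring the newsletter's examples.
    for link in ["https://www.paypal.com/myaccount", "http://www.pay-pal.com/login",
                 "http://paypal.com.evil.example/login", "https://example.org/"]:
        print(f"{link:45} -> {check_url(link)}")
    for sender in ["service@paypal.com", "lkjhewhrk8763@paypal.com",
                   "PayPal Service <service@pay-pal.com>"]:
        print(f"{sender:40} -> {check_sender(sender) or 'ok'}")
```

The point for a reader is the distinction the script makes: the brand name appearing somewhere in a host is not the same as the registrable domain being the brand's, and a friendly display name says nothing about the address behind it.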

Statistics from 2017 on phishing emails sent, and broken down by type

Source: Symantec 2017 Internet Security Threat Report (ISTR)



Why are Phishing Attacks Still Successful?

     Lack of training and awareness about phishing is the number one reason that these attacks are so successful. As it turns out, end users are the problem. Through our willingness to share our everyday lives on social platforms, our information is on the internet just waiting for a cyber-criminal to collect and use. Posting the details of our personal lives gives cyber-criminals the personal information they need to generate personalized, believable emails, thus increasing their chances of success.



Don’t Get Hooked!

     We are in the Information Age, but that doesn't mean that you want your information shared or stolen. It is becoming increasingly important that we remain vigilant when using the internet and aware of what is happening. If we are knowledgeable about what types of attacks are happening, we can take steps to protect ourselves. It is always better to err on the side of caution when it comes to phishing. Never open or download an attachment from an email that you are suspicious of. Knowledge is power, and these steps will help give you the power you need to protect you and your loved ones from getting hooked by a phishing scam.



By: Aaron Keller

Copyright © 2018 Connect-IO, All rights reserved.

Our Mailing Address Is:
3402 E. University Dr, Ste 105
Phoenix, AZ 85034
Office: (480) 757-0397
