Most phishing emails fall into three broad categories: CEO Fraud, Account Notification Fraud, and Blackmail. Any email that falls into these categories should be read with a critical eye.
A CEO Fraud email gets its name as a company’s CEO is frequently impersonated in this type of attack. However, it may appear to be from another member of the executive team, or another trusted associate. The attacker makes a request as the individual being impersonated, usually adding a crisis or deadline to increase the sense of urgency. These attacks are most frequently seen by finance and accounting professionals, and usually attempt to get the target to send a high-value wire transfer.
Account Notification Fraud emails impersonate communications from major service providers and usually target credentials: your username and password. They most frequently appear to come from Google, Microsoft, or Apple. However, examples from mobile carriers such as Verizon, utilities like Xcel Energy, or retailers like Amazon have also been seen. Worryingly, an increasing number of phishing emails impersonate banks – targeting your finances, as well as your username and password.
Blackmail emails are self-explanatory. However, a well-crafted Blackmail phishing attempt can induce a sense of panic that overrides our common sense. These emails can appear to be from a hacker who claims to have compromised your computer, or from a government agency such as the IRS or FBI. Whatever the attacker’s claim, it is almost certainly false. The attacker presents a dilemma, such as revealing embarrassing personal information or a pending criminal investigation and offers to accept a one-time payment to make the problem disappear. In almost every case, the problem did not exist in the first place.
Once you’ve seen a few emails that fall into these categories, you’ll begin to see the common elements and identifying them becomes easier. However, a well-crafted phishing message can still slip past your guard. It’s important to stay vigilant – we as users have to succeed every time – the bad guys only need to win once.