Email Phishing Attacks, Explained

The LockDown Low Down – Simplifying Cybersecurity for Smart People who aren’t Cyber Experts


Have you ever received an email that encouraged you to click a link, and you decided not to at the last minute because something seemed fishy? We all have.

About 4% of all emails are phishing attacks. The average person receives over 120 emails per day. That means you receive about 5 phishing emails every day!

What is phishing?
It’s a fraudulent email made to look like it comes from a reputable company, in order to induce you to reveal personal information, such as passwords and credit card numbers.

Sometimes, phishing emails are embarrassingly poorly conceived.

But sometimes, they are scary good and can fool the best of us. It’s highly likely that you use Office 365 for your business email. There’s a new batch of sophisticated cyber attacks that ask people to sign in to their SharePoint and OneDrive accounts through fake web pages that look like Microsoft’s login page.

An even more dangerous form of phishing is called spear phishing, which is a fraudulent email that is targeted at a specific person (often for a specific reason). Executives and politicians are frequent targets of spear phishing attacks.

How can I tell and what should I do?
The best way for you to determine if an email is suspect is to look at the sender email address (and even this is not always foolproof, because sometimes hackers can disguise the sender email to make it look legitimate). If it, or the content of the email, looks in any way suspicious, DON’T CLICK ANY LINKS IN THE EMAIL.
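
For readers who want to see what that sender check looks like in practice, here is a small Python script that reads an email's headers and lists the warning signs. It is an added example, not code from LockDown; the brand list, domains and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands you expect mail from, and the domains they really send from.
KNOWN_BRANDS = {"microsoft": {"microsoft.com"}}

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_red_flags(raw_message, known_brands=KNOWN_BRANDS):
    """List the reasons a message's sender details look suspicious."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    flags = []
    # 1. The display name claims a brand, but the address is on another domain.
    for brand, domains in known_brands.items():
        genuine = any(from_domain == d or from_domain.endswith("." + d)
                      for d in domains)
        if brand in display_name.lower() and not genuine:
            flags.append(f"name says {brand}, address is @{from_domain}")
    # 2. Replies would go to a different domain than the visible sender.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        flags.append(f"Reply-To goes to @{reply_domain}")
    # 3. The address looks right, but the receiving mail server recorded a
    #    DMARC failure, which is how a disguised sender address shows up.
    if "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        flags.append("DMARC failed, From address may be forged")
    return flags

# Constructed sample messages (not real emails).
LOOKALIKE = (
    'From: "Microsoft Account Team" <security@account-alerts.example>\n'
    "Reply-To: helpdesk@mail-support.example\n"
    "Authentication-Results: mx.example.net; spf=pass; dmarc=none\n"
    "Subject: Sign in to keep your OneDrive files\n\nbody\n")
FORGED = (
    'From: "Microsoft" <no-reply@microsoft.com>\n'
    "Authentication-Results: mx.example.net; dmarc=fail header.from=microsoft.com\n"
    "Subject: Password expiring\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("lookalike", LOOKALIKE), ("forged", FORGED)):
        print(name, sender_red_flags(raw))
```

The second sample is the case the caveat above describes: the visible address is correct, and only the mail server's authentication result gives the forgery away.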

If the suspicious email was sent to your company email address, report the email to your IT administrator. If the suspicious email was sent to your personal account, either delete it or reach out to the sender – not by clicking “reply” to the suspicious email but rather by contacting the person/company that the email is supposed to be from. For example, if the email looks like it’s from me, call me or send me a new email.

Never trust phone numbers that are included in the content of suspicious emails. Hackers have sophisticated set-ups where they have real people answering the phone to trick you into thinking the phishing email is legitimate.

What if I click and enter my credentials on a fraudulent website?
Frankly, it’s not great news. But I’m going to walk you through what will likely happen, then I’ll explain new technologies that have been developed to eliminate this problem.

Let’s say that you received a phishing email that said you need to sign in to your Outlook account.

You clicked on the link and entered your credentials. Unknowingly, you have set a lot of bad things in motion. Here’s what might happen:

  1. Now that the hacker has your email credentials, he logs into your email account and downloads all of your emails. This means he has access to all of your attachments, messages, contacts, etc. He may or may not change your password.
  2. The hacker now knows what other accounts you are using (for example, your cloud storage service, social media accounts and more). He visits those sites and clicks the “Reset Password” links. Guess where those reset links go? You guessed it – your now compromised email address. The hacker now has full access to your digital information.
  3. The hacker will visit other sites that people who fit your demographic tend to visit. Since most people use the same password for multiple accounts, he’ll try your password on several sites. He’ll also try sending password resets to your account for common websites, like amazon.com.

Another dangerous thing is that when cyber criminals gain access to your email account, they don’t let you know. They could silently view your emails for months or even years without your knowledge. Scary stuff, right?

What should I do to prevent phishing attacks?
The simple answer: Don’t click on anything that looks suspicious. When in doubt, check it out directly with the person who sent it.

Also, password managers like Dashlane or LastPass can be very helpful. Make sure that you use a different password for every account. Try to avoid using your email address as your User Name – although this will only go so far because most User Name recovery programs are tied to email addresses.

Didn’t you say you had a real solution?
Yes, we do. At LockDown, we have created a new standard for digital identity that does not rely on User Names, passwords, email addresses or phone numbers.

Our system is faster, more secure and easier to use than today’s password-based identity authentication. Imagine never having to manage another password!

Today, we use our patented authentication technology in our first product, a secure communication platform that is available for iPhone, Android and Windows.

In the future, we’ll use our technology to power authentication for your favorite websites, apps and platforms.

We’re just getting started and we hope you give us a follow.


About “The LockDown Low Down”
The topic of cybersecurity can be overwhelming – especially for business professionals who aren’t IT experts, yet are exposed to all sorts of cyber threats, terminology and instructions.

There are enough acronyms in cybersecurity to make your head spin or, like many business people, to make you shut down and stop listening. This blog is meant to explain cyber topics, and the current threats and solutions in plain, understandable English. Our goal is to bring you quick and easy information that can make you more educated and help you make better decisions. In short, to simplify cybersecurity.

 

About LockDown
LockDown is pioneering a new standard for digital privacy, identity and data control. The first product available to the public, LockDown, is a secure communications app that enables surgical control and leading-edge security of digital information. Built upon patented 8,192-bit Atomization™ encryption and proprietary key handling technologies, LockDown delivers a zero-knowledge, zero-trust, password-less environment where messages and files can be shared safely with internal colleagues or external partners. LockDown ensures that security, privacy, permissions and access controls persist at all times, so you no longer have to choose between protecting your data and sharing it. For additional information, visit www.GetLockDown.com.
 
For press and interview requests, please email media@GetLockDown.com or call 1-833-LOCKDOWN (1-833-562-5369).
