Nima Statius 06 Nov 2023

Social Engineering: The Human Factor

The advancement of technology has brought numerous benefits to our modern society, but it has also introduced several hazards. Social engineering, in particular, is a commonly overlooked threat used by cybercriminals to manipulate individuals into divulging sensitive information or performing actions that they wouldn't normally do. This form of attack preys on human weaknesses and exploits our natural inclination to trust others.
 

Phishing

Phishing through email is a widely used social engineering method. Cybercriminals use visually similar characters, such as "0" and "O", or "1" and "l", to create email addresses or URLs that appear legitimate but are actually fake. Additionally, they use Unicode characters that resemble regular characters. For example, they may replace the small letter "a" with the Greek letter alpha "α".
 
To illustrate, can you tell the difference between "Onevinn.com" and "Οnevinn.com"?
 
The first is a legitimate address, while the second uses the Greek letter omicron instead of the Latin letter "O". When encountering an unfamiliar email, it's important to ask yourself these questions: Did I anticipate receiving this message? Does the email content align with what I was expecting? Does it contain urgent language that tries to provoke immediate action? Does it request personal information without prior solicitation? Is the greeting or signature generic and impersonal? Are there any links or attachments that are unfamiliar to me?
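The look-alike substitutions described above can also be checked mechanically. The following Python sketch is an added example, not code from Onevinn: the trusted-domain list, the small look-alike map and all function names are assumptions made for illustration.

```python
import unicodedata

# Constructed, deliberately tiny map: only the look-alikes named in the text.
# A production check would use the full Unicode confusables data instead.
CONFUSABLES = {"0": "o", "1": "l", "\u03bf": "o", "\u03b1": "a"}  # 0, 1, omicron, alpha
TRUSTED = {"onevinn.com"}  # assumption: domains you expect mail from

def skeleton(domain):
    """Lower-case the domain and fold each look-alike to one representative."""
    return "".join(CONFUSABLES.get(c, c) for c in domain.lower())

def scripts(label):
    """Approximate the scripts of a label's letters from their Unicode names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def ascii_form(domain):
    """Return the IDNA (xn--) encoding, which exposes non-ASCII labels in logs."""
    return domain.lower().encode("idna").decode("ascii")

def check_sender_domain(domain):
    """Return ('trusted' | 'lookalike' | 'unknown', reasons) for a sender domain."""
    lowered = domain.lower()
    if lowered in TRUSTED:
        return "trusted", []
    reasons = []
    for label in lowered.split("."):
        found = scripts(label)
        if len(found) > 1:
            reasons.append(f"label {label!r} mixes scripts {sorted(found)}")
    if skeleton(lowered) in {skeleton(t) for t in TRUSTED}:
        reasons.append("folds to a trusted domain after look-alike mapping")
    return ("lookalike" if reasons else "unknown"), reasons

if __name__ == "__main__":
    # Constructed samples: the real name, the Greek-omicron fake, a zero-for-O fake.
    for sample in ["Onevinn.com", "\u039fnevinn.com", "0nevinn.com", "example.org"]:
        print(ascii_form(sample), *check_sender_domain(sample))
```

A mixed-script label or a match after folding is a reason to verify the sender out of band; a clean result does not prove the message is genuine.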

Email's legitimacy

If you still doubt the email's legitimacy, reach out to the supposed sender using a trusted and established communication channel. You can call them through a known phone number or their company switchboard, or create a fresh email using their verified address from your address book. Be careful not to reply directly to the email in question.
By following these steps and exercising caution, you can prevent falling for email-related scams and maintain online security.
 
Did you know that we provide phishing simulation and awareness training to measure your organization's security awareness? Well-trained and well-aware individuals are the most effective defense against social engineering as this form of attack targets unaware and untrained people. Technical solutions are the first line of defense to protect your organization from scammers and their malicious emails.

However, one malicious email that gets through your defenses and one unaware employee who clicks on a malicious URL is all that is required for your organization to be potentially compromised!

Here is a video by our colleague Tom Aafloen showing a demo of a successful phishing attempt: