The rapid advancements in technology have greatly contributed to the remarkable progress of human civilization, offering countless modern conveniences. However, as technology continues to evolve, it opens doors for individuals with malicious intent to constantly seek new avenues for exploitation. Unfortunately, one such method employed by these individuals is phishing through email spam.
Phishing, in simple terms, refers to the act of sending deceptive emails containing harmful links or attachments, intending to deceive recipients into thinking that these emails originate from reliable sources. This type of cyber attack is widespread and has been prevalent since the 1990s, coinciding with the widespread adoption and use of the internet, often catching unaware average internet users off guard.
Just recently, in July 2023, a rising trend has been observed in which cyber attackers utilize email spam disguised as legitimate companies to infiltrate the inboxes of unsuspecting email users. These emails appear innocent and harmless, asking users to review new documents they have received, among other things. Hence, the birth of a new phishing method.
To better illustrate this new trend, here is an example of such a phishing email:
In the example above, these are the red flags indicating that this is a malicious email:
By utilizing this redirection method, phishing emails can effectively bypass spam filters, enabling them to infiltrate the inboxes of unsuspecting email users. The initial URL link displayed in the email may appear legitimate, giving the impression that it leads to a trusted website – ticketxxxter.com in this case. However, upon clicking the link, the user is redirected multiple times before reaching the final malicious destination.
This new phishing method is employed by cyber attackers to deceive users into believing they are interacting with a genuine and trustworthy website, increasing the likelihood of users willingly divulging sensitive information, such as login credentials, personal data, or financial details. The attacker will also be able to steal your internet cookies, user-agent and device information, which they can use to impersonate legitimate users, carry out identity theft, perform unauthorized activities on compromised accounts, or tailor their attacks to exploit specific vulnerabilities.
It is hence essential for users to exercise caution and remain vigilant when interacting with email links, especially if the links:
Verifying the legitimacy of the email, double-checking the URLs, and avoiding providing personal information unless absolutely certain about the authenticity of the website are some of the recommended precautions to mitigate the risk of falling victim to phishing attacks.
To help email users combat this new phishing threat, here are four future-proof solutions you can consider:
MSSPs play a vital role in safeguarding organizations against cyber security threats and bolstering their overall cyber defence. They employ a comprehensive, multi-layered defence strategy to protect organizations from external threats like network intrusions or malware but also safeguard against security breaches caused by employee actions. Their services include but are not limited to:
Adventus is a top Cyber Security Solutions & Services Provider with our own Security Operations Centre (SOC). Our elite SOC team is diligently monitoring, detecting, and responding to any cyber security risks or threats in our customers’ environments, this includes the phishing threats we have discussed in this article. Adventus offers a comprehensive suite of solutions to defend against cyber-attacks and lets you drastically reduce implementation efforts, cost, and maintenance requirements. To enhance your organization's cyber security, reach out to us today and assure your corporate team that their data is safe.
Adventus is an award-winning Managed Services Provider, who was named the Best IT Services Provider by Singapore Business Review at the National Business Awards for six consecutive years from 2018 till 2023.