Got e-mail from a company you trust? Beware! You may be under phishing attack

A little moment of carelessness can prove costly for you during any online activity. Cyber fraudsters are always on the prowl for unsuspecting victims. These criminals apply various deceptive techniques to launch phishing attacks. Even office mails are not untouched! A report by US-based cyber-security firm Barracuda Networks has revealed that one in seven businesses experienced phishing strikes globally in the last seven months. Over 55 per cent of the lateral phishing attacks targeted recipients who had some personal or work relationship to the hijacked email account, the report said.

The report titled "Spear Phishing: Top Threats and Trends Vol. 2" reveals that in email account takeover, the attackers use legitimate enterprise accounts they have recently compromised to send lateral phishing emails to an array of recipients. These include close contacts within the company to partners at other organisations.

"Email threats, including account takeover and lateral phishing, continue to evolve, and cybercriminals continue to find new ways to execute attacks, avoid detection, and trick users," said Mike Flouton, Vice President of Email Security at Barracuda Networks. 

"Staying ahead of these types of attacks requires an understanding of the latest tactics being used by cybercriminals and the critical precautions available to help defend your business," Flouton added.

Here are some key points of the report:

As fraudsters send lateral phishing emails from legitimate accounts, they can effectively fool many existing email protection systems and unsuspecting users. Lateral phishing attacks occurred during the regular workweek and during the victims' regular working hours. The study involved over 100 organisation.

How cybercriminals launched lateral phishing attacks:

- Fraudsters applied two popular tricks for phishing attacks. First, they send messages that falsely alert the user of a problem with their email account. Second, they send messages providing a link to a fake "shared" document.

- The report said that as many as 63 per cent of the lateral phishing incidents used generic and commonplace messages. Also, in 37 per cent of cases, criminals had tailored their content to be more enterprise-oriented or highly specific to the victim organisation

How to save yourself from phishing attacks

- Next time you receive a mail from your office, make yourself doubly sure it is authentic and report immediately if you suspect any content of the mail.

- Never click on suspect links.

- Don't respond to any message claiming some problem in your mail. Check your mail. Change the password. If you have more doubt, then contact an expert for advice.