New Email Phishing Strategy

The bad guys of the internet are just waiting for you to slip up, and the scary thing? It’s just a matter of time – and oh boy, do you spend a lot of time online. Think about all the hours you spend using the web at your desk and then add in all the hours you’ve got your phone with you. It takes just one slip-up to give hackers access to valuable data.

A classic way that hackers have been using for years is called “typosquatting.” Hackers will buy domains that are misspellings of popular websites and make their site look almost identical to the real site, hoping you’ll end up there by accident. Once there, hackers have different tools they can use to infect your computer or steal your information. Typosquatting is scary, but at least you have to actively make an error to be threatened by it.

Typosquatting’s close cousin is even scarier. Instead of buying a domain that is similar to a trusted domain and waiting for you to come to them, sometimes hackers will come to you. They will take their very closely misspelled domain and use it to send you phishing emails. Imagine if you are the CFO of Acme Corp and got an email from your CEO asking you to wire money into an account. Would you have noticed the domain in the email address was “@acmecrop.com” instead of “@acmecorp.com?”

If you’re the average worker, you receive 85 emails a day. In the eyes of hackers, that’s 85 chances for you to slip up and click a malicious link or misread an email address. It doesn’t matter to a hacker if 99 attacks out of 100 get caught if one person slips up one time, and your guard isn’t up all day long. You’re distracted enough at your desk to miss a typo like that, but think about all the emails you get on your phone. The type is probably smaller and when you’re reading email on your phone you’re also probably doing something else at the same time.

While you’d probably like to think you would always identify email attacks like the one described, don’t put yourself – and everyone else in your organization – in that vulnerable position. Sendio has addressed this issue with new features making that similar-but-not-the-same email address stick out like a sore thumb. Every time you get a new email in your inbox from a new member of your email community, it gets highlighted. If you’re the CFO and get a fake email from your CEO, for instance, you would have a clear indication that you haven’t received an email from this address before and so give it another look to verify everything about it is legitimate.

Fill out this form to learn more about how Sendio keeps all unwanted and malicious email out of your inbox.