AttackWeb Security

Phishing Email

Our inbox received lots of emails per day. Most of the email received were junk mails or useless emails to us.

What is the danger opening those malicious email?

They can be ransomware, delete your information in the system and network, steal your information (address book), use your system as the C&C attack,

Email can be divided into the following category:

  1. Legitimate
  2. Advertisement
  3. Phishing
  4. Malicious

Malicious attachment can be prevented through user training and improving user clicking behaviour. The user needs to know the consequence of clicking or opening the attachment from an unknown user.

There software and services provided by the software security company to tackle this question.

Phishing Email

There are lots of ways an attacker can use to phish our system.

    1. Impersonate

By pretending someone you know or organization and authority is a common way from an attacker

Example 1: Pretending a friend or colleague of you, sending you an attachment or redirect you a link

Example 2: Pretending a customer that interested in your product and asking for your detail

Example 3: Pretending Legal or Financial Authority and asked you to click on the link or attachment.

    1. Social Engineering

By calling up to you to furbish detail on your company portfolio or personal information.

Example 1: Calling form survey company, to get your company or personal information

Example 2: Price winning call, to get your personal information

Example 3: Calling from the financial institute, to ask you to click a link from their email or personal information

Where does attacker get our information?