Phishing attacks have been on the rise for many years now. Just as technology adapts to the attacks, the attackers continue to adapt to the technology, trying newer and more effective phishing methods on a regular basis.
A phishing method that has become popular in the last few years is impersonating internal users using external email addresses.
First, an email is sent to you and made to look like it was sent from a coworker or supervisor. Often it will have the individual’s actual name in the ‘From’ field, but if you look at the actual email address you can see that it’s from a random Yahoo address.
In the email itself, they’ll likely ask for some sensitive information. Maybe it will be bank account numbers, credit card numbers, or even a password.
However, sometimes they’re even sneakier and simply ask a question like, “Do you have time to do a quick task for me?”
If you see an email like that, it’s less likely to raise any red flags. So you may reply to the email with something like, “Sure.” Next thing you know, you get another email that does ask for that sensitive information. But because they waited to ask for it, your defenses are lowered and you’re less likely to be suspicious.
If you don’t pay attention to the actual email address the message came from, you can get caught in the attacker’s trap!
If you’re working with a good IT company, they’ll have security in place to handle that situation. Your email server can be set up to tell you whether an email originated from an internal address, or to warn you when it came from an external one.
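To make that server-side check concrete, here is an added example (not taken from any particular mail product) that labels a message as internal or external and raises a stronger warning when an external address carries a coworker's name. The domain `example.com`, the staff names, and the sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"      # assumption: the organisation's own mail domain
STAFF = ["Dana Smith", "Lee Wong"]   # assumption: names exported from the staff directory

def name_key(name):
    """Order-insensitive key so 'Smith, Dana' and 'dana smith' compare equal."""
    return tuple(sorted(name.lower().replace(",", " ").split()))

STAFF_KEYS = {name_key(n) for n in STAFF}

def classify(raw_message):
    """Return 'internal', 'external' or 'external-impersonation' for one message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # The From header itself can be forged, so a gateway would run this check
    # only after its usual sender authentication (SPF/DKIM/DMARC).
    if domain == INTERNAL_DOMAIN:
        return "internal"
    if display and name_key(display) in STAFF_KEYS:
        return "external-impersonation"
    return "external"

def banner(raw_message):
    """Warning text a mail gateway could prepend to the body (empty for internal mail)."""
    verdict = classify(raw_message)
    _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    if verdict == "external-impersonation":
        return f"[WARNING] Sender uses a staff member's name but an outside address: {addr}"
    if verdict == "external":
        return f"[EXTERNAL] This message came from outside the organisation: {addr}"
    return ""

# Constructed sample messages (not real mail).
SAMPLES = {
    "coworker": "From: Dana Smith <dana.smith@example.com>\nSubject: Q3 report\n\nAttached.",
    "impostor": "From: Dana Smith <dsmith.office77@yahoo.com>\nSubject: Quick task\n\n"
                "Do you have time to do a quick task for me?",
    "vendor": "From: Acme News <news@vendor.example>\nSubject: Newsletter\n\nHello.",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:10} {classify(raw):24} {banner(raw)}")
```

The harmless-looking "quick task" opener is flagged on the first message, before any request for sensitive information arrives.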