
How advanced encryption has made phishing emails harder to detect


Authored by a Symantec employee

 

While the phrase ‘phishing’ might make you think of fish, a flavour of ice cream, or an idyllic afternoon spent in a fishing boat somewhere with your dad, the online version isn’t quite so cheerful.

Unfortunately, phishing attacks are still one of the most common security challenges that both everyday users and businesses face in keeping their information safe and secure.

Check your inbox and you’ll find dozens of attempted phishing messages from cybercriminals: “Congratulations, you’re the winner!”, “New voice message – 8.04pm” or a mysterious accountant informing you that you’re the heir to a wealthy prince. (If only.)

Some are blatantly obvious, but phishers are getting creative and finding more and more inconspicuous ways to steal your personal information without you suspecting a thing.

The (ph)facts behind the phish

According to Action Fraud and the National Fraud Intelligence Bureau, nearly 100,000 people reported receiving phishing scam emails in the UK in 2015. Police found that the most common subject line for phishing emails was ‘Attention', followed by ‘Your account has been revoked', ‘Hello' and ‘Important Notification'.

The top email addresses were Do-Not-reply@amazon.co.uk, bt.athome@ecomm.bt.com and PQ8MPY@m.apple.com.

Any tech-savvy person will tell you that using email encryption is one of the safest and most efficient ways to protect your sensitive data from phishers. Significant advances in encryption technologies over the years have made it a lot easier to adapt and implement these protocols for your own setup and give you that extra bit of reinforcement.

But have you ever considered that cybercriminals use these tools too?

As we swiftly move forward in the world of security, cybercriminals are moving in parallel and advancing their own methods of encryption.

Hackers are starting to utilise AES (Advanced Encryption Standard), a method adopted by the US government and even the almighty NSA (National Security Agency). Phishers are encrypting their infrastructure designs to make the analysis of phishing sites and emails more difficult.

A casual analysis of the page will not reveal any phishing-related content, as it is contained in the unreadable encrypted text. As a result, browser and security software warnings are less likely to appear, and the chances of those emails ending up in your junk folder are a lot slimmer.
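
An added example (not from the original article or from Symantec): a Python heuristic showing why a keyword scan finds nothing on a page whose content sits in an encrypted blob, and how a scanner can flag long high-entropy string literals instead. The keyword list, the 200-character minimum, the 5.0-bit threshold and the three sample pages are assumptions constructed for illustration.

```python
import base64
import hashlib
import math
import re
from collections import Counter

KEYWORDS = ("password", "verify your account", "sign in")  # assumed keyword list
BLOB_RE = re.compile(r"[\"']([A-Za-z0-9+/=]{200,})[\"']")   # long base64-like literal

def shannon_entropy(s):
    """Bits per character; base64 of ciphertext approaches 6.0."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def keyword_hits(html):
    low = html.lower()
    return [k for k in KEYWORDS if k in low]

def opaque_blobs(html, min_entropy=5.0):   # threshold is an assumption
    """Lengths of long string literals that look like encoded ciphertext."""
    return [len(m.group(1)) for m in BLOB_RE.finditer(html)
            if shannon_entropy(m.group(1)) >= min_entropy]

def assess(html):
    hits, blobs = keyword_hits(html), opaque_blobs(html)
    if hits:
        verdict = "keyword-match"
    elif blobs:
        verdict = "opaque-payload"   # nothing readable, but something is hidden
    else:
        verdict = "no-signal"
    return {"keywords": hits, "blobs": blobs, "verdict": verdict}

# Constructed samples (not taken from any real site).
_fake_ct = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(24))
_blob = base64.b64encode(_fake_ct).decode()   # 1024 pseudo-random characters
PLAIN_PAGE = "<html><body><h1>Sign in</h1><p>Enter your password</p></body></html>"
OPAQUE_PAGE = ("<html><body><p>Loading...</p><script>var payload = '%s';"
               "</script></body></html>" % _blob)
PADDED_PAGE = "<html><script>var pad = '%s';</script></html>" % ("A" * 300)

if __name__ == "__main__":
    for name, page in [("plain", PLAIN_PAGE), ("opaque", OPAQUE_PAGE),
                       ("padded", PADDED_PAGE)]:
        print(name, assess(page))
```

A high-entropy literal is only a triage signal: legitimate pages also embed base64 data, so a hit should route the page to deeper analysis rather than block it outright.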

What can you do to avoid a phishing email?

1. Know how to spot a phishing email

You should be careful when clicking on links in every email, even if it’s from somebody you know. Use common sense and ask yourself some essential questions: are there links in the middle of the email? Is the email generic or non-personal? Did you even sign up for the service or prize they’re offering?

If it has an attachment, whatever you do, don’t open it. Clicking that mysterious attachment could very well be your famous last click and infect your computer with all kinds of malicious code.

2. Enhance the security on your computer

A recent study showed that out of 150,000 phishing emails, 23 percent of recipients open phishing messages, and 11 percent open attachments! Spot the Trojan horse before it’s too late with excellent antivirus software.

Antivirus software will keep your beloved device in good health as well as helping you to eliminate any potential problems that could arise from phishing emails.
