How to prevent cybercriminals using synonyms in an email phishing attack
As part of a new data claim advice thought leadership blog series, our IT Skills Developer, Louise Valentine shines a light on email phishing attacks in use by cybercriminals right now.
How cybercriminals are using synonyms in email phishing attacks
If you use a trustworthy email account, most have security filters that scan incoming emails for keywords.
We know this because certain keywords that accompany other suspicious elements within an email generally results in the email being filtered through to your spam folder.
Unfortunately, cybercriminals are getting wise to this and are now finding new ways and means to bypass such filters and get through to your main inbox.
How, you ask? The bad guys out there for our data are replacing commonly used words with synonyms (words or phrases that effectively mean the same thing.)
Examples of a synonyms in an email phishing attack attempt
In a recent phishing attack we were made aware of, cybercriminals replaced the term “invoice” with the synonym “Remittance Advice”.
As “Remittance Advice” isn’t a common keyword, the phishing attempt had some success bypassing the security wall and filtering through to the main inbox.
The email also includes an image that looks like an attachment. If you were to click on the image, this then leads to a dangerous phishing site.
How you can protect your inbox from synonym phishing attacks
Here’s how you can stay safe from email-targeted data breaches:
Never click a link or download an attachment: Don’t download anything from an email that you are not expecting.
Watch out for uncommon language: Remember the example above, in reference to “Remittance Advice.”
When an email claims to include an invoice: Try and find evidence of this transaction elsewhere. Be vigilant to credit charges and be aware of those who have your card details.
We are here to support you if your data has been compromised
Sometimes, you will have done everything within your power and control to defend yourself, and your data can still be breached.
Such attacks can lead to tremendous distress, as the result means your personal information becomes available to cybercriminals. If this happens, we’re here to help