Data security is vital to any business. Learn how SHTML phishing works and how to minimize the risk of your data falling into the hands of attackers.
Email phishing has been in the playbook of hackers since, well, email. What’s alarming is the scope in which criminals can conduct these attacks, the amount of data potentially at risk, and how vulnerable many businesses are to phishing attempts. Here’s what you need to know to spot the hook and protect your data from being reeled in.
How Does Email Phishing Work?
A phishing email typically contains an attachment in the form of a server-parsed HTML (SHTML) file. When opened, these shady files redirect the user to a malicious website often disguised as a legitimate product or service provider. The website then requests sensitive information such as the user’s address, date of birth, social security number, bank account number, etc. in exchange for providing said product or service.
Users who comply end up giving their information to a criminal who may then sell it to various illegal organizations. Victims may end up losing money and having their identity connected to criminal activity. The attackers may even offer to sell the information back to the owner for a hefty ransom. For businesses, the damages can be irreparable. Phishing is often the launchpad for large-scale cyber attacks, and businesses that fall victim can lose not only cash and assets, but the trust of current and would-be customers.
Who Does SHTML Phishing Target?
While many individuals fall victim to phishing, the main targets are businesses in the banking and finance sector. The sender may use a seemingly legitimate email address, often posing as a trusted, reputable organization. They may goad users to open attachments by claiming to be the IRS, a wealthy businessman offering a lucrative deal, or, ironically, a security provider offering to scan the user’s computer for vulnerabilities. While many phishing attempts are obvious, some can be convincing, and all it takes is a hasty click to give the phisher what they want.
Types of SHTML Phishing
Depending on the attacker, a phishing attempt can range from simple and generic to detailed and personalized to fit the target. For businesses that conduct large quantities of transactions, a phisher may send a simple email claiming to provide a receipt for their purchase. Others may send invoices. Sophisticated attackers may gather information about the business including its suppliers, partners, and even names of individual employees. They may then create fake accounts disguised as these trusted entities, fooling the target into giving away sensitive data. While most phishing attempts fail, a convincing premise combined with a busy, distracted user can equal success – and disaster.
Potential Signs of SHTML Phishing
Being proactive and training your employees to spot phishing is the best line of defense. Here are some potential red flags that may, but not always, indicate that an email is a phishing attack:
Poor spelling and grammar
Strange characters and punctuation
Email addresses comprised of a seemingly random combination of letters and numbers
Emails claiming to offer large sums of money
Emails claiming that you owe a large sum of money
Emails claiming that your data is at risk and offering protection
An overly lengthy or short email body
Attachments with file types you don’t recognize
How to Protect Your Business from SHTML Phishing
While there’s no way to guarantee that your business will be 100% safe from phishing attacks, you can take precautions to greatly minimize your risk of becoming a victim. Many email clients have rules that automatically filter out suspicious or spam emails. Savvy IT professionals can create additional rules to identify and block phishing emails.
The greatest defense is training every employee to recognize the red flags, especially the not-so-obvious ones. Make basic data security a part of the onboarding process, and hold presentations and seminars several times a year to keep employees aware and bring to light any new threats they should look for.
Data security is more relevant than ever, and businesses need to stay up to date on the latest cybersecurity threats. Is your business taking the necessary precautions to keep phishers away?
ICS is a Texas-based 40-year-old technology company specializing in Managed IT, VoIP, Video Conferencing and Video Surveillance solutions for US and International businesses. ICS has over 4000 regional installations and specializes in multi-site businesses between 25 and 2500 employees. ICS’s customers enjoy the experience of ICS’s Total Care program which provides clients flat fee services with obsolescence and growth protection. Whether a customer elects to deploy their IT, Video Conferencing or VoIP in the cloud or on the customer’s premise, ICS can provide a full turn-key solution for our clients under one flat monthly fee.
ICS Specializes In Managed IT Services, Business Telephones, Video Conferencing & More.
Book your initial consultation with ICS using the form below.
ICS will never sell, rent, share or distribute your personal details with anyone. In addition, we will never spam you.
Get Started with a 60-Day, Risk-Free Trial with our IT Services
We offer managed IT services for large to small organizations at a flat-rate monthly fee. You can get started now with a 60-day, risk-free trial. If you’re not 100% satisfied with our services, you’re able to cancel your contract – no questions asked. ICS works hard to earn the trust of each and every business we work alongside.