Email is one of the major media people use to exchange messages in the corporate world. A study by the Radicati Group predicts that about 4.7 billion people will be using email to communicate by the end of 2025, and that the average office worker already sends and receives 121 emails a day. This makes email very important in the corporate world, and hackers are aware of this.

When they target staff of the telecommunication industry, they do so through corporate email. Hackers craft messages that look as if they come from the company’s management, with a call-to-action button and wording that creates a sense of urgency so that the link or button gets clicked. These messages typically ask the staff to click to update their anti-virus software because of a recent hack, to click to change their password to avoid a security issue, or to click a link to upgrade their mailbox storage because it is running low and new emails may stop arriving. When staff click these links, they are presented either with software to download or with a phishing web page that asks for their login details. If a staff member does either, the hackers can gain access to confidential information or install malware on the telecommunication company’s network, which can then be used to carry out further attacks on customers.

What makes email phishing easy to carry out is that an email can be sent from any server, and the FROM address shown to the recipient is only a header that the sender fills in, so it can name an address that never sent the message. Tools such as Sender Policy Framework (SPF) have been developed to fight this, but they only help when the receiving server actually checks them, and addresses are still easily cloned. Some hackers carry out email phishing by registering an address that looks very similar to the real sender’s, swapping characters such as I, i, L, l, 1, 0 and O for one another to deceive the reader. The address donatus@gmail.com can be cloned as d0natus@gmail.com, and it takes careful inspection to spot the difference.

RECOMMENDATIONS

Since phishing emails are built to look as if they come from a certain company, or arrive from a FROM address that resembles a known person, the recommendation for the FROM address part of an email is similar to what was learnt from the web-page phishing recommendations: every phishing domain name an attacker successfully registers can also carry email addresses. Someone who created mtnonline.com.promo.scam.com.ng can create an address such as marketing@mtnonline.com.promo.scam.com.ng to impersonate marketing@mtnonline.com.

It is important that staff who mostly use email for communication are advised to always inspect the source of an email message carefully before opening it, before clicking on any call-to-action button or link, and before replying to it. Staff should be patient enough to read the full FROM address, not just the display name, before taking any action.

Companies are also advised to use corporate email addresses that carry the company’s own domain name rather than public addresses such as Gmail and Yahoo Mail. Public addresses are easier to clone, because anyone can create an address that looks similar to, say, mtnonline@yahoo.com if the company used such an address. Such lookalikes would simply replace the letter “oh” (o) with the number “zero” (0), or the letters “i” and “L” with the lower-case “l” and the number “one” (1) respectively. Since MTN Nigeria has its own domain name for corporate email, a hacker cannot create a real mailbox on that domain without access to the company’s domain configuration. Note that a hacker can still forge the FROM header with that domain, as described above, which is why the SPF and DKIM checks recommended below are needed before the domain name alone can be trusted.

Email server administrators should enable Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). SPF publishes in DNS which servers are allowed to send mail for the domain, and DKIM adds a signature that lets the receiving server verify that the message was not forged or altered in transit. A DMARC policy ties both checks to the domain in the FROM field, so that email claiming to come from the company domain but failing the checks is rejected or quarantined rather than delivered. Anti-spam software should also be installed so that received emails are filtered and suspicious ones end up in the junk folder.
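To make the SPF recommendation concrete, here is an added example (not code from the original article or from MTN) of what a receiving server does with an SPF record, and why the check has to be tied to the visible FROM domain. The DNS records, IP addresses and domain names below are constructed for the example; the table stands in for live DNS lookups, and the a/mx/exists mechanisms that need real DNS are left out.

```python
import ipaddress

# Constructed DNS table standing in for live lookups. These records and hosts are
# assumptions for the example, not MTN Nigeria's real DNS data.
FAKE_DNS = {
    "mtnonline.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailprovider.example -all",
    "_spf.mailprovider.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
    # scam.example publishes no SPF record at all
}

# Result an SPF mechanism yields when it matches, keyed by its qualifier
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip, domain, dns, depth=0):
    """Evaluate the SPF record of `domain` for a connection from `sender_ip`.

    Handles ip4, ip6, include and all; a/mx/exists need live DNS and are skipped.
    Returns one of pass, fail, softfail, neutral, none, permerror.
    """
    if depth > 10:                       # RFC 7208 limits DNS-querying terms
        return "permerror"
    record = dns.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"                    # domain publishes nothing: no opinion
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIER_RESULT[qualifier]
        mechanism, _, arg = term.partition(":")
        if mechanism in ("ip4", "ip6"):
            # a v4 address is never contained in a v6 network (or vice versa)
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIER_RESULT[qualifier]
        elif mechanism == "include":
            if check_spf(sender_ip, arg, dns, depth + 1) == "pass":
                return QUALIFIER_RESULT[qualifier]
    return "neutral"                     # record ended without a matching term


def evaluate_message(sender_ip, mail_from, header_from, dns):
    """Combine SPF on the envelope sender with a DMARC-style alignment check
    against the FROM header the user actually sees."""
    envelope_domain = mail_from.rsplit("@", 1)[1].lower()
    from_domain = header_from.rsplit("@", 1)[1].lower()
    spf = check_spf(sender_ip, envelope_domain, dns)
    aligned = from_domain == envelope_domain      # strict alignment
    if spf == "pass" and aligned:
        verdict = "accept"
    elif spf == "fail":
        verdict = "reject"
    else:
        verdict = "quarantine"   # none/softfail/neutral, or a pass on an unrelated domain
    return {"spf": spf, "aligned": aligned, "verdict": verdict}


if __name__ == "__main__":
    # Genuine message from an authorised server
    print(evaluate_message("203.0.113.5", "marketing@mtnonline.com",
                           "marketing@mtnonline.com", FAKE_DNS))
    # Forged envelope and header sent from an attacker's server
    print(evaluate_message("192.0.2.1", "marketing@mtnonline.com",
                           "marketing@mtnonline.com", FAKE_DNS))
    # Attacker uses his own envelope domain (SPF cannot fail) but forges the visible FROM
    print(evaluate_message("192.0.2.1", "bounce@scam.example",
                           "marketing@mtnonline.com", FAKE_DNS))
```

The third case is the one that matters for the article's point: SPF alone says nothing about a message whose envelope sender is the attacker's own domain, so without the alignment check the forged FROM header would reach the staff member's inbox.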

Email users should be taught to leave a login page immediately when the domain shown in the browser’s address bar does not match the organisation’s domain, especially when they landed on the page from a link in an email message. If the message promised to increase storage, staff should write to their email server administrators directly rather than clicking a link in the email.
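The lookalike addresses discussed earlier (d0natus@gmail.com, marketing@mtnonline.com.promo.scam.com.ng) and the login-page advice above can both be reduced to one check on the domain. The following is an added example, not code from the original article, of that check; the confusable-character list is the one the article gives, and the sender lists and domains used in the sample calls are assumptions for illustration.

```python
from urllib.parse import urlparse

# Characters the article lists as swapped for one another; every member of a group is
# folded to one representative so that lookalikes compare equal after normalisation.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "|": "l"})


def normalize(label):
    """Lower-case and fold confusable characters (I/i/L/l/1 -> l, O/0 -> o)."""
    return label.lower().translate(CONFUSABLES)


def host_of(address_or_url):
    """Return the domain of an email address, or the host of a URL, lower-cased."""
    s = address_or_url.strip()
    if "@" in s and "://" not in s:
        return s.rsplit("@", 1)[1].lower().rstrip(".")
    host = urlparse(s if "://" in s else "http://" + s).hostname or ""
    return host.lower().rstrip(".")


def classify_domain(domain, legit_domains):
    """Classify a domain against the organisation's real domains."""
    domain = domain.lower().rstrip(".")
    legit = [d.lower() for d in legit_domains]
    if any(domain == d or domain.endswith("." + d) for d in legit):
        return "legitimate"
    # mtnonline.com.promo.scam.com.ng: the real name is only a prefix of the attacker's host
    if any(domain.startswith(d + ".") for d in legit):
        return "subdomain-impersonation"
    if any(normalize(domain) == normalize(d) for d in legit):
        return "homoglyph-lookalike"
    return "unrelated"


def classify_sender(address, known_senders, legit_domains):
    """Classify a FROM address against known senders and the organisation's domains."""
    address = address.strip().lower()
    known = {k.lower() for k in known_senders}
    if address in known:
        return "known-sender"
    domain = host_of(address)
    verdict = classify_domain(domain, legit_domains)
    if verdict != "legitimate":
        return verdict
    # Same (trusted) domain but an unknown mailbox: on a public provider such as
    # gmail.com anyone can register d0natus to impersonate donatus.
    local = address.split("@", 1)[0]
    for k in known:
        k_local, k_domain = k.split("@", 1)
        if k_domain == domain and normalize(k_local) == normalize(local):
            return "homoglyph-lookalike"
    return "unknown-sender"


def check_login_page(url, legit_domains):
    """The article's advice as code: leave a login page whose host is not ours."""
    verdict = classify_domain(host_of(url), legit_domains)
    return "stay" if verdict == "legitimate" else "leave:" + verdict


if __name__ == "__main__":
    org = ["mtnonline.com"]
    for sender in ["marketing@mtnonline.com", "marketing@mtnonline.com.promo.scam.com.ng",
                   "marketing@mtn0nline.com", "alerts@mail.mtnonline.com"]:
        print(sender, "->", classify_sender(sender, ["marketing@mtnonline.com"], org))
    print(classify_sender("d0natus@gmail.com", ["donatus@gmail.com"], ["gmail.com"]))
    print(check_login_page("https://mtnonline.com.promo.scam.com.ng/login", org))
```

The gmail.com call shows the weakness of public addresses that the article describes: the domain itself is trustworthy, so the only thing left to compare is the mailbox name, and that is exactly what the attacker controls.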

Ethical hackers should send simulated phishing emails to employees of telecommunication companies at random intervals to see which types of email they fall for, and use the results to educate them better.
