Hackers are email phishing in shark-infested waters

Please see our Work from Home guide for you to share with your teams. We hope you find this useful.

Are you familiar with this saying? Make something idiot-proof and the universe just makes better idiots. Well, a variation of that trope can be used to explain email phishing…but the people designing phishing software and malware are far from idiots.

IT experts have been playing whack-a-mole with a half-tonne hammer. Anticipating the threat, the source, and – more importantly – mobilizing the fix takes time for software providers. They have to disseminate their upgrade to millions of users…

However, by the time developers have designed a solution to one game, the hackers are on to the next. They are capitalizing on the law of large numbers. They mine what they need from their email phishing efforts in short bursts, and shift to a new target.

They don’t need to hack every user every time…just some of them, some of the time. They profit by honing in on quantity, not quality.

IT departments have to play by the rules – international, federal, state and corporate. Hackers, on the other hand, don’t play by any rules at all.

Thanks to machine learning, it’s no longer a rigged game of botnet whack-a-mole

Botnets – robot networks – are managed by a single attacking party, known as the “bot-herder”. And, for the most part, they’re not out to hijack your identity.

Their primary objective is financial gain.

Each machine answers to a discrete bot, but is controlled by a network that has thousands – sometimes millions – of bots. The bot-herder is able to adjust tactics based on updates to individual or organizational systems.

It doesn’t rely on a malware download to achieve its objectives. It’s learning from the collective data gathered by responses to emails across its entire network and stealing financial information accordingly.

So, here’s the good news.

People tasked with identifying and eliminating these nimble hackers have come up with an equally nimble solution: machine learning.

The battle against email fraud has changed.

Email phishing in shark-infested waters

There are steps you can take to protect your employees from exposing themselves – or your company – to a security breach. With the vast majority of people in tech, accounting, law, finance, to name a few, are working from home, the crossover from work to personal online domains is blurry at best.

Arming them with basic failsafes is one of your responsibilities as an employer. You want them to be wary of emails that contain certain triggers and signals.

Email addresses with misspelled words. With so many hackers taking advantage of well-known online companies like Amazon, Apple, and chartered banks, your employees should look closely at the URL for switched letters or odd extensions.

Emails that tap into emotions. Unfortunately, hackers are playing on people’s fears around COVID-19, the vaccine, and their financial stability because of the pandemic. It’s the most prevalent trigger for an already jumpy population. The email addresses and websites can be legitimate, rather than a variation on Pfizer, Moderna, CDC, FDA, or any other agency dealing directly with the pandemic.

Emails that play on urgency. Most people think of their Inbox as a firehose. The input comes at them with a ferocity that can overwhelm even the most disciplined person. Email phishing counts on that sense of overwhelm, the need to deal with the most ‘inconsequential’ problems quickly. So an alert threatening discontinuation or interruption of a PayPal or Amazon account – highly relevant in today’s consumer climate – isn’t always scrutinized. Users quickly update their payment information…handing over their financial resources on a platter.

You can instruct your employees to watch for those traps and filter them out. But for the more subtle and persistent hooks, machine learning does the filtering for you.

Gone are the days when lists of potential email header threats were amassed and catalogued by hand, uploaded and implemented on a company server.

Using a two-stage classification process, phishing filters can collate and cross-reference patterns in headers and URLs and predict the likelihood of the source presenting a threat to your company, or members of your team.

The filter adapts to the ever-changing tactics used by hackers, remembering common threats and storing them, adjusting their algorithm and adding an unseen, highly effective layer of protection.

Please don’t tell me how it works, just make it work

If you’re managing an organization with a dedicated IT department, you’re counting on them to decode the rapidly changing threats that can expose your employees and your company to email phishing attacks.

Regardless of scale, though, your business can benefit from engaging the services of a software solutions provider who can guide you through the network options, and also provide training for your team.

An investment in IT security can pay dividends…both in the prevention of loss to your company, and to your valued employees.

If you’d like to learn more about email phishing and malware threats, contact us.

Related articles:

Contact me at technology@amaxra.com or call 425 708 8841 if you have any questions or comments on this blog.

about the author

Mike Arntzen

Mike is an experienced Technology expert who is skilled in Enterprise Software and Security and Cloud Implementation. He has a strong engineering background graduated from the Royal Australian Air Force School of Radio, with postgraduate studies in Fibre Optics from Royal Melbourne Institute of Technology. Known at Amaxra as "Mr FixIt" there isn't much Mike can't resolve. He has recently implemented Amaxra's switch to Skype for Business within the Amaxra office.

Limited time offer: Let Amaxra manage your Office 365 licensing and we will configure security such as multi-factor authentication at no additional cost. Email technology@amaxra.com or chat with us on this website to find out more.

Special Offers

25% Off Business Voice for 1 Year
25% Off Business Voice for 1 Year

Expire - June 30, 2021


Microsoft Business Voice system delivers all of the must-have “standard” calling features that businesses rely on such as Caller ID, three-way calling, voicemail (with automatic transcription of the call sent to your email), music on hold, and the ability to intelligently route incoming calls by time zone, language, or availability.All existing business phone numbers can be migrated from the Microsoft Teams admin panel. Once the numbers are ported, employees can make phone calls from a Windows laptop, a Mac, and any iPhone or Android device using the Microsoft Teams app.

Learn More

How can we help you?

get in touch