Kaspersky Lab solutions blocked more than 945,000 attempts by users from Azerbaijan to visit phishing pages in 2023.

Despite the growing popularity of instant messengers, email remains an important tool for business communication – and at the same time a way to distribute phishing links. Phishing emails can lead to the loss of confidential data, financial and reputational losses for businesses. Kaspersky Lab experts talked about the most common methods used by attackers.

Phishing
The purpose of phishing emails is to trick users into giving up confidential information, such as logins and passwords, payment details. They usually look legitimate: to make them appear credible, attackers send them supposedly from the address of a reliable sender, such as the HR department.

Phishing emails are often used to trick employees into giving up corporate credentials. They can be used to gain access to a corporate system and steal confidential information, including customer data and non-public business information.

Phishing resources are usually distributed via links embedded in the text of an email or via attachments, such as PDF and HTML files. In this case, the HTML attachment itself can be a phishing page. Phishing links can also be distributed via QR codes.

To convince users to click on phishing links, fraudsters use different methods, which are difficult to clearly categorize. However, several of the most common schemes can be identified:

• notifications. For example, this could be a request to urgently confirm login details for an email or other service, a warning about suspicious messages.
• business correspondence. The user may be sent a supposedly important work-related document, which can be viewed or downloaded via a link specified in the email. For example, under the guise of invoices for payment of an order.
• delivery of goods. The victim may receive a message about the delivery of goods. To allegedly confirm it and read the accompanying documents, you need to follow a phishing link. Fraudsters may claim that the address was incorrectly specified during registration or that other important information is missing.

Vishing
Vishing is a voice phishing, the purpose of which is to obtain confidential data or money through communication over the phone. As a rule, the user first receives a fraudulent email message informing about some problem. For example, a notification about the renewal of a paid subscription or suspicious activity on a bank account. To solve the problem, you need to call by phone, the scammers claim. The number is usually indicated either in the text of the email or in an attached DOC or PDF file.

Compromise of business email
Attacks of this type are usually targeted and extremely complex. Their goal is to deceive employees within the organization into making unauthorized financial transactions or disclosing confidential secrets.

First, the attackers try to initiate a dialogue with the victim under some pretext and gain their trust. For example, the user may receive an email allegedly from the CEO or another high-ranking employee who asks to fulfill some important request, make an urgent payment. However, upon closer examination, you can notice suspicious signs, for example, that the address does not match the real one. Often, the attackers simply use some free domain.

Since the victim is gradually drawn into the scheme, using sophisticated tricks, it can be difficult to detect the attack at an early stage.
 

Malicious software
There are also malicious emails whose purpose is to download malware to the user's device. This can lead to data leakage or disrupt the operation of the corporate system.

Malicious software is often distributed through attachments, such as archives. For example, in the form of executable files or infected Microsoft Office documents. Emails may also contain malicious links: both in the message body and in attached files (e.g. PDF, DOC).

The attackers' schemes are similar here: the user is tricked into opening a document or following a link, for example, with a request to confirm a payment, the receipt for which is supposedly in the attachment.