How does it work?
Scammers want information, and they try to extract it by tricking the recipients of emails. The information they collect could be as mundane as an organization chart, or as significant as usernames and passwords for corporate resources.
First, attackers collect email addresses from public postings, social sites and guesses at a company’s email address format, such as firstname.lastname@example.org. Next, they send a compelling offer, pose as a service provider, or impersonate the IT team, among other tricks.
In most cases the message is very convincing. It ranges from a short, text-only note, for example: “Your mailbox has reached the enterprise limit, click here or reply to this email to request an increased mailbox size from IT if required”, to something much more sophisticated: “I’m an administrator for your company’s benefits program and am contacting you to take a look at the changes we will be soon making to the program, click here to see the details before we schedule a quick call to discuss.”
Some recipients do fall for these tricks and reply to the offer. Sometimes this turns into an actual conversation between the user and the attacker; once the user entertains a two-way dialogue, it leads to a request that looks innocent but is significant.
How can I protect against it?
User education is a good first step. Additionally, look for an email gateway with machine-learning detection and real-time IP reputation scanning. The ability to detect suspicious language and suspicious sender attributes is key. Solutions must also be capable of keeping such scams out of the user-releasable quarantine, so that users cannot release this kind of phish to themselves.
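The paragraph above lists the signals a gateway should weigh (suspicious language, sender attributes, IP reputation) and the routing decision it must make (admin-only quarantine versus the user-releasable one). The following is an added example, not code from the original article or from any gateway product: a small Python scorer that applies those signals to constructed sample messages modelled on the two lures the article quotes. The internal domain, the IP reputation table, the phrase lists and the score thresholds are all assumptions chosen for illustration; a real gateway would also check SPF/DKIM/DMARC, which this example does not.

```python
import re
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr

# Assumed company domain; in a real gateway this comes from configuration.
INTERNAL_DOMAIN = "example.org"
# Constructed stand-in for a real-time IP reputation feed (TEST-NET addresses).
IP_REPUTATION = {"203.0.113.45": "bad", "198.51.100.7": "good"}

# Heuristic phrase lists (assumptions; a product would use a trained model instead).
ROLE_WORDS = re.compile(r"\b(it|helpdesk|administrator|admin|support)\b", re.I)
URGENCY = re.compile(r"\b(reached the (enterprise )?limit|immediately|urgent|click here)\b", re.I)
CREDENTIAL_ASK = re.compile(r"\b(password|username|verify your account|sign in|login)\b", re.I)
LINK = re.compile(r"https?://([\w.-]+)", re.I)


@dataclass
class Verdict:
    score: int
    reasons: list[str]
    disposition: str  # "deliver", "user_quarantine" or "admin_quarantine"


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def message_body(msg) -> str:
    if msg.is_multipart():
        return "\n".join(p.get_payload() for p in msg.walk()
                         if p.get_content_type() == "text/plain")
    return msg.get_payload()


def score_message(raw: str) -> Verdict:
    """Score one RFC 822 message and decide which quarantine (if any) it goes to."""
    msg = message_from_string(raw)
    reasons, score = [], 0
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    body = message_body(msg)

    # Sender attribute: display name claims an internal role but the address is external.
    if ROLE_WORDS.search(from_name) and from_dom != INTERNAL_DOMAIN:
        score += 3
        reasons.append(f"internal role '{from_name}' from external domain {from_dom}")
    # Sender attribute: Reply-To steers the conversation to a different domain.
    if reply_addr and domain_of(reply_addr) != from_dom:
        score += 2
        reasons.append(f"Reply-To domain {domain_of(reply_addr)} differs from From")
    # Suspicious language in the body.
    if URGENCY.search(body):
        score += 1
        reasons.append("urgency / call-to-action wording")
    if CREDENTIAL_ASK.search(body):
        score += 1
        reasons.append("asks for credentials")
    # Links that point away from the sending domain.
    if any(not dom.lower().endswith(from_dom) for dom in LINK.findall(body)):
        score += 1
        reasons.append("link to a domain unrelated to the sender")
    # Connecting IP reputation (header name is an assumption for this example).
    ip = msg.get("X-Originating-IP", "").strip("[] ")
    if IP_REPUTATION.get(ip) == "bad":
        score += 3
        reasons.append(f"originating IP {ip} has bad reputation")

    # Assumed thresholds: high scores are never placed in the user-releasable quarantine.
    if score >= 5:
        disposition = "admin_quarantine"
    elif score >= 3:
        disposition = "user_quarantine"
    else:
        disposition = "deliver"
    return Verdict(score, reasons, disposition)


# Constructed sample messages, modelled on the lures quoted in the article.
MAILBOX_LURE = """From: "IT Helpdesk" <helpdesk@mail-notify.example.net>
Reply-To: <support@example-tickets.example.com>
To: alice@example.org
Subject: Mailbox size limit reached
X-Originating-IP: [203.0.113.45]

Your mailbox has reached the enterprise limit. Click here
http://mail-notify.example.net/quota or reply to this email to request an
increased mailbox size from IT if required.
"""

BENEFITS_LURE = """From: "Benefits Administrator" <benefits@example.org>
Reply-To: <benefits-team@hr-portal.example.net>
To: alice@example.org
Subject: Upcoming changes to your benefits program

I'm an administrator for your company's benefits program. Click here
http://hr-portal.example.net/changes to see the details before we schedule a
quick call to discuss.
"""

BENIGN_MAIL = """From: "Bob Smith" <bob.smith@example.org>
To: alice@example.org
Subject: Lunch
X-Originating-IP: [198.51.100.7]

Are we still on for lunch on Thursday? Let me know.
"""

if __name__ == "__main__":
    for name, raw in [("mailbox lure", MAILBOX_LURE), ("benefits lure", BENEFITS_LURE),
                      ("benign", BENIGN_MAIL)]:
        v = score_message(raw)
        print(f"{name}: score={v.score} -> {v.disposition}; " + "; ".join(v.reasons))
```

The benefits lure spoofs an internal From address, so the role-name check does not fire; it is caught only by the Reply-To mismatch, the external link and the wording, which is why sender authentication (SPF/DKIM/DMARC) belongs alongside these heuristics in a real deployment.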