Phishing 101: Discovering the Deceptive World of Phishing

Phishing is classified as a social engineering cyber attack because cyber criminals use their social skills to pose as a trusted or reputable source in order to solicit confidential information from their victim. Impostors typically use some form of email, phone call or direct message to contact the victim and trick them into taking immediate action. This can open the door for hackers not just to steal data but also to sell it on the Dark Web or infect your files with ransomware, viruses and other forms of malware.

How it works:

A cyber criminal will lure an unsuspecting recipient into opening an illegitimate file or link that is often sent in an email or found on a malicious website. Fraudulent emails are made to look like they are from a trusted or familiar source, and the recipient is typically coaxed into providing some sort of personal data, credit card information and login passwords, giving the attacker a way into your device and system.

Types of Phishing:

Spear Phishing – targeting a single, specific individual rather than a large group. Commonly used on social media or sent by a recognized sender. This form of phishing relies on personalized touches to lure the victim.

Pharming – victims are sent or redirected to a fraudulent website that appears to be legitimate.

Whaling – targeting CEOs or other high-level executives. This form of phishing can be used to gain access to employee files and to request wire transfers for large sums of money.

Deceptive Phishing – the most common type of phishing. Cyber criminals impersonate legitimate companies with realistic emails to persuade victims to give them personal data or login credentials. Emails can incorporate a sense of urgency or use threats to panic the individual into action.

Office 365 Phishing – bogus emails claiming to be from “Microsoft” are sent in an attempt to have victims reset their passwords, allowing criminals to gain access to their accounts when the victim clicks on a fake URL.

Vishing and Smishing – Vishing (telephone phishing) and Smishing (SMS/text message phishing) have become commonplace recently and should be treated similarly to other phishing attacks. Do not give out any personal data, and try to research the number if you are in doubt.

How to prevent phishing

Phishing prevention is typically a collaborative effort in a corporate environment. It takes all employees, even executives, being educated and aware of potentially harmful web habits. A multi-layered approach is typically ideal when it comes to Phishing because of the modest application of this type of threat. Spam filters, two-factor authentication and VPNs are some of the many ways in which a company can mitigate the threat of an attack and help to protect user data if a breach does occur.

Prevention Fast Facts

When it comes to Phishing, awareness is key. Here are some quick steps to help keep you safe:

  1. Educate employees and executives on email, attachment and web browsing protocol. It only takes one person to take the bait.

  2. Be suspicious of unsolicited email, phone calls and messages requesting internal/personal information.

  3. Verify credentials with the company if the person or situation seems suspicious.

  4. DO NOT click on any links, open attachments, reveal information or reply unless you are certain about the source and their intentions.

  5. Pay attention to the Uniform Resource Locator (URL) of a website. Only use HTTPS-protected sites.

  6. Use next generation firewalls, email filters and antivirus tools.

  7. Apply two-factor authentication for emails and monetary transactions.

Other key factors that should trigger your suspicion are:

  • Spelling/grammar mistakes littered throughout the message.

  • Altered sender’s company email address

  • Generic greetings and signatures or lack thereof

  • Hyperlinks that do not match the body of the text when you hover over them.

  • Odd or suspicious attachments

What this means for you

Phishing is a highly common form of attack that we are unwittingly faced with on a daily basis in our professional and personal lives. Many attempts go unnoticed because spam filters catch some and we ignore calls and messages from unknown numbers. However, for cyber criminals it takes just one person to take the bait, and the entire organization can end up paying the price. Proactive approaches and organizational education are key to bolstering your company’s chances of preventing a breach.

We can help you defend your business

Are you concerned with Phishing posing a threat to your company?

We’re here to help! Talk to a cyber security specialist today and get expert advice, proactive strategies and the right-sized cyber security solutions tailor-fit for your organization. Schedule a FREE cyber security discovery call today.

 