Phishing threats are getting more and more sophisticated as cyber security measures become smarter. The main reason phishing must be handled differently from other threats is that it usually tricks your users into clicking on something they shouldn’t and then giving important information to an impostor.
There are a number of different ways Phishing can come after you, and we’re going to look at each type.
Email Phishing is the most common form of this kind of attack that most users will come across. The user will receive an Email, usually from a fake email address that appears to be a contact they know, inviting them to click a link within the Email.
These links can appear to be important banking information, a free coupon or promotion, or simply something work related. When the user clicks the link, they will be sent to a fake webpage set up to get the user’s information. Usually the user will be asked to log in with their existing credentials.
Once the user has given their information, it will be sent to the hacker who will use it for different types of ransomware attacks.
This type of attack can also be used in SMS/iMessage or Social Media Messaging.
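As an added example (not part of the original article), the Python sketch below checks a message for the two signs described above: a known contact's name on an unfamiliar address, and links that lead to a host outside the organization's trusted domains. The contact list, trusted domains, function names, and sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for this sketch: contacts the user knows, and real login domains.
KNOWN_CONTACTS = {"jane doe": "jane.doe@example.com"}
TRUSTED_DOMAINS = {"example.com", "bank.example"}

SAMPLE = (  # constructed sample message, not a real phishing email
    'From: "Jane Doe" <jane.doe@examp1e-mail.test>\n'
    "Content-Type: text/html\n\n"
    '<p>Please <a href="http://bank.example.login.test/">log in to bank.example</a>'
    ' or see <a href="https://www.example.com/hr">the HR page</a>.</p>'
)


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")


def host_trusted(host):
    """True only if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def phishing_findings(raw_email):
    """Return a list of human-readable reasons the message looks suspicious."""
    msg = message_from_string(raw_email)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append(f"known contact '{name}' sent from unexpected address {addr}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlparse(href).hostname
        if not host_trusted(host):
            findings.append(f"link leads to untrusted host {host}")
    return findings
```

The host check compares the end of the hostname, so a trusted name placed at the front of a longer hostname (as in the sample link) is still flagged.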
Vishing is the same basic concept as Email Phishing but through a phone call instead of an Email. The victim will receive a call that “requires urgent response” and the scammer will ask for compromising information such as credit card information, PIN numbers, or Social Security Numbers.
These scammers can also pretend to be companies like Microsoft or Apple, state your account is compromised, and attempt to get your password over the phone.
Spear Phishing is currently the most successful type of Phishing attack. In a Spear Phishing attack, the scammer will gather as much information as possible about a specific target in order to design emails or calls that will trick the target. An example would be crafting a Gmail recovery Email for a user that frequently uses Gmail.
Clone Phishing is a popular technique for hackers to use once they have access to a user’s Emails. The hacker will craft a duplicate of a preexisting Email and resend it to a target, this time with a malicious link or attachment.
Hackers will use this attack if they want to target someone higher up in an organization.
There are a number of ways you can protect yourself and your organization from phishing attacks:
1. Make sure your company has good anti-spam measures in place. The less spam that gets through, the less likely that a user will click on a malicious link. Many popular anti-spam programs will also alert you if you have been sent malware-filled spam.
2. For any suspicious emails that do get through, report them immediately to your IT Professionals. While you recognized the attack, other users in your organization may not be as aware of the threat. By being proactive in your concern, you may prevent another user from getting duped.
3. Always be up-to-date on Cyber Security Training. Cyber Attacks are always evolving and finding more ways to steal our information. By taking part in regular testing, you can be prepared for the latest Phishing Threat. For best results, every user in your organization should be part of monthly testing. It only takes one user’s mistake to hurt your business.