All these attacks are targeting a range of organizations, especially in the following industries:
Healthcare/Medical, Banking/Credit/Financial, Education
The rapid rate at which phishing attacks are increasing makes phishing a serious threat to all organizations. Your organization must know how to identify phishing scams in order to protect corporate information. The LanDynamix team will discuss some of the most common types of phishing attacks below and provide useful guides on how your organization can remain protected.
SPEAR PHISHING
The most successful phishing scams rely heavily on personalization. Enter spear phishing cons.
Using this strategy, impersonators tailor their attacks with your name, position, company, work phone number and other personal information to trick you into believing they have a connection with you.
The objective of this scam is to trick you into clicking on a malicious URL or email attachment so that you will disclose your personal data. It takes a large amount of information about you to craft a convincing attack attempt, so spear phishing is usually seen on social media sites like LinkedIn, where attackers can use multiple data sources to craft a targeted attack email.
To protect against this type of attack, companies should invest in solutions that analyse inbound emails for malicious links/email attachments. Our managed IT security solutions are capable of picking up on indicators for both known and zero-day threats.
DECEPTIVE PHISHING
This is by far the most common form of phishing con. This type of attack involves hoaxers impersonating a real company to steal your personal data or login credentials. Fraudsters using this attack will send you emails that utilize threats and a sense of urgency to scare you into doing what they want.
To execute a deceptive phish successfully, the attack email must resemble a piece of official communication from the abused company. As a result, you should inspect all URLs carefully to see if they redirect to an unknown and/or suspicious website. Other factors you should look out for are generic salutations and spelling errors.
CEO FRAUD
Don’t let the name mislead you: CEO fraud is targeted at anyone in your company who has the power or authority to enable payments or provide vital information. As we have observed from various high-profile cases, criminals assume the identity of an authority figure in a company and make requests to the company's accounts department to action payments.
You must be watchful and double-check any ‘phishy’ sounding requests, and always keep in mind that the boss will be more annoyed by a million-rand scam than an extra phone call here and there. Therefore, we make sure our clients build multi-factor authentication (MFA) channels into all their financial authorization processes so that no one can authorize payments via email alone.
VISHING
Okay, so we’ve discussed phishing attacks at length and how they rely solely on email as a means of communication. There is another form of phishing attack called vishing, which relies on placing a phone call instead. This is executed by setting up a Voice over Internet Protocol (VoIP) server to imitate various entities in order to steal your sensitive information and/or funds.
To protect yourself from vishing attacks, you should get into the habit of not answering calls from unknown numbers, never give out personal information over the telephone and make use of a caller ID app.
PHARMING
Pharming is when cyber criminals hijack a website’s domain name and configure it to direct you to a fraudulent site where you are asked to provide your sensitive information. Phishing extends from emails to dodgy websites, and you can avoid this by always checking the certificate of the website you are on by going to File > Properties > Certificates. Our security products will automatically block suspicious websites, drawing your attention to potential traps.
Using this guide, your company will be able to more quickly spot some of the most common types of phishing attacks. Even so, that doesn’t mean you will be able to spot every phish. Phishing is continuously growing and adopting new forms and techniques.
With that in mind, it’s imperative that companies conduct security awareness training on an ongoing basis so that employees and executives can stay on top of phishing’s progress.
For more information on how your company’s personnel can spot a phish, please contact our technology advisors.