This article discusses five of the most common phishing attacks that occur in businesses and how best to protect your IT network against them.
First, let’s have a closer look at phishing attacks.
Phishing is a form of cyberattack where the hacker attempts to deceive the target into disclosing personal information, such as login credentials, or into transferring money. These attacks and attempts usually occur via email.
1. Bulk phishing – an email sent out to an enormous database of non-specific individuals. It uses fake versions of the most common brand names to get recipients to disclose personal information, log in to a counterfeit account, make payments via email links, or transfer money.
This approach is mostly seen as casting a wide net: by sending as many phishing emails as possible, the attacker makes it highly probable that a few victims will be caught.
2. Spear phishing – typically arrives via an email targeting a specific person within a company. This form of phishing plays on the targeted individual’s trust by exploiting weak security practices that the person may follow, and then targets the person/company with a ransom fee to release the information back to the user.
What to look out for in a spear phishing email:
Look out for any odd numbers, underscores, and exclamation marks within the sender’s email address. These can be a sign of a false email address, indicating a potential spear phishing attempt.
3. Whaling phishing – this type of cyberattack targets a company’s senior employees. A whaling attack usually asks the target to make a high-pressure decision, or the attacker pretends to be a senior manager and pressurises a junior member of staff into performing an action that the cyber criminal can profit from.
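The sender-address check described above can be applied to a batch of From headers. This is an added example, not part of the original article; the function names and sample headers are constructed for illustration, and a hit is only a prompt for closer review, since legitimate addresses can also contain digits or underscores.

```python
import re
from email.utils import parseaddr

# Indicators named in the article; the patterns are this example's assumption.
INDICATORS = {
    "digit": re.compile(r"\d"),
    "underscore": re.compile(r"_"),
    "exclamation": re.compile(r"!"),
}

def sender_indicators(from_header):
    """Return (part, indicator) pairs found in the sender address."""
    _name, address = parseaddr(from_header)
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return [("address", "unparseable")]
    hits = []
    # Report the local part and the domain separately so a reviewer
    # can see where the odd character sits.
    for part, text in (("local", local), ("domain", domain)):
        for label, pattern in INDICATORS.items():
            if pattern.search(text):
                hits.append((part, label))
    return hits

def triage(from_headers):
    """Map each header that shows at least one indicator to its hits."""
    flagged = {}
    for header in from_headers:
        hits = sender_indicators(header)
        if hits:
            flagged[header] = hits
    return flagged

# Constructed sample From headers (not real senders).
SAMPLES = [
    "Jane Doe <jane.doe@example.com>",
    "Finance Team <finance_dept!@examp1e.com>",
    "IT Support <it-support77@example.com>",
    "no address here",
]

if __name__ == "__main__":
    for header, hits in triage(SAMPLES).items():
        print(header, "->", hits)
```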
Type of whaling attack:
4. Vishing phishing – ‘voice phishing’, usually carried out via a phone call. The scammer commonly uses Voice over IP (VoIP) technology and pretends to be a company’s representative in an attempt to elicit personal information, such as credit card or login details, from the caller.
5. Smishing phishing – smishing is very similar to phishing; however, the crimes are performed over text or messaging services like WhatsApp.
Education is the most critical step to take. Ultimately, human error is the most significant risk to a company’s data exposure, and without the proper awareness it can cause a lot of damage to any business.