5 Common Types of Phishing Attacks

And how to protect yourself and your business

We will be discussing five of the most common phishing attacks that occur in businesses and how best to protect your IT network against them.

First, let’s have a closer look at phishing attacks.  

What are phishing attacks? 

Phishing is a form of cyberattack in which the hacker attempts to deceive the target into disclosing personal information, such as login credentials, or into transferring money. These attacks usually occur via email.

The 5 most common attacks and how to protect your organisation:

1. Bulk phishing – an email sent to an enormous database of non-specific individuals. It impersonates the most common brand names to get recipients to disclose personal information, log in to a counterfeit account, make payments via email links, or transfer money.

This approach is mostly seen as casting a wide net: by sending as many phishing emails as possible, the attacker makes it highly probable that a few victims will be caught in the net.

2. Spear phishing – typically arrives via an email targeting a specific person within a company. This form of phishing plays on the targeted individual’s trust and exploits weak security practices that the person may follow; the attacker then demands a ransom fee from the person or company to release the information back to the user.

What to look out for in a spear phishing email:  

  • Personalisation – helps to increase the email’s persuasiveness
  • Authentic logos and branding – the real company’s branding is reproduced correctly in the email template
  • However, the outbound link leads to the fake version of the brand’s website
  • Pay attention to the sender’s name and email address. Example: Microsoft Support <info@micr0soft.12hh.com>

Look out for any odd numbers, underscores, and exclamation marks within the sender’s email address. These could be a sign of a false email address, indicating a potential spear phishing attempt.
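The sender check described above can be automated on incoming mail. The following is an added example, not part of the original article: the check_sender function, the KNOWN_BRANDS allow-list and the lookalike character table are assumptions made for illustration, and only the first sample header comes from the article.

```python
import re
from email.utils import parseaddr

# Assumed allow-list for this example: brand keyword -> domains it really sends from.
KNOWN_BRANDS = {"microsoft": {"microsoft.com"}, "paypal": {"paypal.com"}}
# Digit-for-letter swaps often seen in lookalike domains.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def check_sender(from_header):
    """Return the reasons a From header looks suspicious (empty list = none found)."""
    display, address = parseaddr(from_header)
    address = address.lower()
    if "@" not in address:
        return ["no parsable email address"]
    domain = address.rsplit("@", 1)[1]
    labels = domain.split(".")
    reasons = []
    # The article's heuristics: odd numbers, underscores, exclamation marks.
    if re.search(r"[!_]", address):
        reasons.append("underscore or exclamation mark in address")
    if any(re.search(r"[a-z]\d|\d[a-z]", label) for label in labels):
        reasons.append("digits mixed into a domain label")
    for brand, real_domains in KNOWN_BRANDS.items():
        if any(domain == d or domain.endswith("." + d) for d in real_domains):
            continue  # genuinely sent from the brand's own domain
        if brand in display.lower():
            reasons.append(f"display name claims {brand} but domain is {domain}")
        if any(lab != brand and lab.translate(LOOKALIKES) == brand for lab in labels):
            reasons.append(f"domain label imitates {brand}")
    return reasons


# Sample headers: the first is the article's example, the rest are constructed.
SAMPLES = [
    "Microsoft Support <info@micr0soft.12hh.com>",
    "Microsoft Support <support@microsoft.com>",
    "Accounts <billing_team@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        findings = check_sender(header)
        print(header, "->", findings or "no findings")
```

Treat the findings as prompts for a closer look rather than verdicts: underscores and digits also appear in legitimate addresses, so the brand mismatch is the strongest of these signals.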

3. Whaling phishing – this type of cyberattack targets a company’s senior employees. A whaling attack usually asks the target to make a high-pressure decision, or the attacker pretends to be a senior manager and pressures a junior member of staff into performing an action that the cyber criminal can profit from.

Types of whaling attack:

  • Wire transfer phishing – involving an invoicing fraud 
  • Credential phishing – aims to steal login credentials by asking the target to log in to a specific ‘fake’ account, allowing the attacker to steal information, or, more boldly, by simply asking the target to pay for something.

4. Vishing phishing – ‘voice phishing’, usually carried out via a phone call. It commonly uses Voice over IP (VoIP) technology: a scammer pretends to be a company’s representative and attempts to elicit personal information, such as credit card or login details, from the person they call.

5. Smishing phishing – smishing is very similar to phishing; however, the crimes are carried out over text or messaging services like WhatsApp.

 

How to protect your organisation from phishing?  

Educating employees: 

Education is the most critical step to take; ultimately, human error is the most significant risk of exposing a company’s data, and without proper awareness it can cause a lot of damage to any business.

The Do Nots:

  • If you ever feel pressured into making a payment or financial decision on the spot, NEVER disclose any card security details, such as a PIN, internet banking login details, or card number, over the telephone, email, or messaging.
  • Do not click on any links or open attachments included in unsolicited emails or text messages.

Security features that can help eliminate the chances of falling victim to phishing attacks:

  • Setting up email filters – Use email solutions that have effective spam and junk mail filters.
  • Anti-virus software – Having up-to-date anti-virus software will help guard against malicious attacks on your IT network.
  • VPNs – If you use public Wi-Fi to access sensitive information, a VPN can encrypt your online data.

Get support today

Get in touch today for impartial help and advice – email hello@clairelogic.net or call us on 01865 989144
