There’s that age-old notion of “that will never happen to me” that lurks in our heads and seems to be part of our hard wiring, unfortunately.
Nothing could be farther from the truth – particularly in the case of phishing schemes. Simply ask Facebook or Google. Both of these computer titans were victims of a phishing scheme that duped them out of more than $100 million over the course of a few years. The complete story can be found here.
Firstly, what is Phishing?
Phishing is the technique of sending out fraudulent communications that seem to come from a reliable source. Email is the most common method. The primary goal is generally to steal sensitive information such as credit card numbers and login credentials or to install malware on the victim’s machine. If the victim is duped by the apparently trustworthy sender, they are then persuaded to provide sensitive information.
Cybercriminals begin by finding a group of people to target. Then they send out email and SMS messages that look genuine but include harmful links, attachments, or lures that fool their targets into unknowingly taking a risky action.
- Phishers commonly utilise emotions such as fear, curiosity, urgency, and greed to get receivers to open files or click on links
- Phishing attacks are meant to look as though they originate from reputable organisations and people
- It only takes one successful phishing attempt to compromise your network and steal your data, so always “Think Before You Click”
Here are the various types of phishing to look out for:
Spear phishing goes after a few specific people instead of a large group. This lets the attackers personalise their messages and make them look more real. Spear phishing is often the first step in a targeted attack on a company, used to break through its security. The SANS Institute says that spear phishing is responsible for 95% of all successful attacks on business networks.
Microsoft 365 phishing
The easiest ways for attackers to get into a Microsoft 365 email account are also becoming the most common. Most of the time, these phishing schemes look like a fake email from Microsoft. The email says the user needs to change their password, hasn’t logged in in a while, or there’s a problem with their account that needs their attention.
The email includes a URL that the user is encouraged to click to fix the problem.
Business email compromise (BEC)
BEC is a carefully planned and researched attack in which the attacker pretends to be a company executive, supplier, or vendor.
It’s called “whaling” when someone goes after a “big fish” like a CEO. These attackers often spend a lot of time getting to know their targets so they can figure out the best time and way to steal login credentials. Whaling is especially worrying because high-level executives have access to a lot of sensitive company information.
Social media phishing
Attackers often look up their targets on social media and other sites to learn more about them. They use this information to plan their attacks.
Vishing, which is another name for voice phishing, is a type of social engineering. It’s a fake phone call that tries to get sensitive information like login credentials. For example, the attacker might call pretending to be a customer service rep or someone from your company. These types of scams often target new employees, but anyone can fall for them, and they are becoming more common.
We hope this post has broadened your knowledge of how to avoid being caught in a phishing scheme – when you know how to recognise phishing attacks, they are much easier to avoid. Cybercriminals just need one false move to get access to your data or your company’s infrastructure. Learn how to identify typical phishing methods to protect yourself, your family, and your enterprise.