5 Types of Phishing Attacks to Watch Out For
If you've spent any time online, you've heard of phishing attacks. The first phishing attack occurred in 1995 when compromised Windows application AOHell would steal people's passwords and use algorithms to create randomized credit card numbers. Since then phishing attacks have become far more advanced and many businesses have encountered an attack.
Here Are the 5 Main Phishing Attacks You Should Watch Out for:
1. Mass Campaigns
This type of attack is when a cyber hacker sends out a wide net of phishing emails to a mass audience from a fake corporate entity. Typically, the email will ask the user to enter credit card details or their employee credentials. This type of attack relies on their email spoofing skills and a sense of urgency. However, these emails are not always perfect and there are a few signs to look for:
- Does the information provided look real? Look for spelling errors or a sender email address that could have the wrong domain.
- Check if the logos look fake or odd.
- Double check emails that have a small amount of text and a large image.
2. Spear Phishing
This is an attack that targets a specific person or department within an organization. Things to watch out for include:
- Internal requests from people in other departments, or requests that seem outside the scope of the usual job function.
- Be cautious of links to documents on shared drives such as Dropbox, Office 365 applications, and Google Suite. The links could redirect you to a malicious website
- Documents that require a user login ID and password may be an attempt for a cyber hacker to steal your information.
- Do not click on a link from a 'known' website. Instead, go to the website through your browser. This way you know that you'll be entering the website in a secure way.
This type of attack is directed at senior executives or higher-profile targets within an organization. The goal of these attacks is to try and gain access to a company's platforms or financial information. Things to watch out for include:
- If a senior executive has never made contact with you before, be cautious of taking action.
- Ensure that the request appears normal, and is sent from a work rather than personal email.
- If the request seems urgent, it may be a large cost if it is fake. We recommend emailing or calling the individual directly to confirm authenticity.
4. Clone Phishing
As mentioned before, the attacks for phishing have become increasingly advanced. Clone phishing is no exception. This is when the cyber criminal copies a legitimate email that was sent from a trusted source and replaces the regular link with a malicious one:
- Be cautious of unexpected emails from a service provider. Though they may be part of every day communication, that is where the criminals are most likely to sneak in. Hover over any links to ensure that the actual link is the same as the one being shown.
- Be on the look out for emails that request personal information that the service provider hasn't asked for in the past. If you know the request is real, it would be best to go through the browser and type information directly into their website.
This involves a hacker trying to gain access through a non-email channel such as voicemail. Typically the attacker will leave a message that says they will send an email to you, however that email will most likely contain malicious links that could attack your computer. If a website or email doesn't look legitimate, get out of there! All humans make errors, but odd grammar mistakes are a good indication that the email contains malware. Double checking with the sender could save you and your organization from a cyber attack. Lastly, educate yourself and those around you about phishing. The more you know about phishing attacks, the easier it will be to spot and prevent them. If you want to learn more about phishing attacks and how to prevent them, schedule a free consultation with us here at iCorps.