Tech Bit: Phishing Pt. 2

As technology evolves, so do phishing attempts. This makes it nearly impossible to prepare for every type of phishing attack. In this post we will break down 2 popular forms of phishing attack and the best way to combat them.

Breakdown of potential phishing attacks:

Credential Stealer – An attacker will make a convincing clone of an existing webpage such as a Google account login screen or Facebook login screen. The idea behind this cloned webpage is to have a victim enter their credentials (username/password), giving the attacker access to their account. Some popular examples of this attack are account verification, sharing files on the cloud, and package delivery. All of them revolve around receiving an email that appears to come from a real company or organization such as Amazon, Google, or UPS. All 3 examples share the same purpose: luring you into entering your login information, which gives the hackers access.

Malicious attachments – In our increasingly technology-based world, it is more likely that companies you use regularly, such as your bank, Google, or even your anti-virus service provider, will contact you via email. This gives hackers a whole new opportunity to attack you based on the specific services you use. Hackers create emails nearly identical to the ‘Credential Stealer’ emails, with one major difference: they come with a malicious attachment. These attachments may include fake reviews of your recent bank activity. Once you click to see your bank activity in this malicious attachment, your computer can be infected with viruses or malware.

Credential Stealers and Malicious Attachments are just two attack methods. Targeting methods used by hackers include the following:

Vishing – Refers to phishing done over phone calls. Since voice is used for this type of phishing, it is called vishing → voice + phishing = vishing.

Smishing – The user is targeted by using an SMS (short message service) alert.

Search engine phishing – Refers to the creation of a fake webpage for targeting specific keywords and waiting for the searcher to land on the fake webpage.

Spear Phishing – Unlike traditional phishing, which involves sending emails to millions of unknown users, spear phishing is typically targeted in nature, and the emails are carefully designed to target a particular user.

Whaling – Similar to spear phishing, except whaling targets a more specific and confined group. Whaling is more focused on “landing the whale” and targeting higher-level executives, while with spear phishing anyone from the top or the bottom of the company is at risk.

Phishing schemes will continue to develop alongside the surrounding technology, but there are ways to prevent the attacks described above:

The most significant thing you can do to ensure your business is taking the correct steps against phishing attacks is to work with a trusted MSP. Staying up to date with technology threats may seem impossible, and this is where your MSP should step in and be your knowledge base for technology. Phishing prevention and protection requires a multi-layered solution. A full-stack solution can consist of a plethora of things such as scans, phishing tests, monitoring, and much more. These solutions can be custom-tailored to fit your business, as no business is 100% the same as another. Phishing hackers won’t care whether you are a small or large business. They will target their victims without discrimination.

As with any other security risk, it’s better to act proactively against phishing than reactively. Contact us today at (260) 482-2844 to begin the process of tailoring a solution specifically for you.

Our simple process to get your business secure:

1. Discovery – An initial meeting to learn more about your organization and what you do.
2. Assessment – Our engineers examine your network and policies to learn how to best protect you.
3. Implementation – We deploy our solution designed specifically for your organization followed by exceptional ongoing service.

Thank you for reading!
