
Preferred Blog

Preferred has been serving the Tinley Park area since 1991, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

A Field Guide to Phishing Attacks

Despite the name being mildly amusing, phishing attacks are no laughing matter. These scams, in all their different forms, wreak havoc on businesses—ranking as the top breach threat in the 2020 edition of Verizon’s annual Data Breach Investigations Report, and successfully impacting 65 percent of United States organizations in 2019 as reported by Proofpoint’s 2020 State of the Phish Report. Avoiding them requires you to be able to spot them, so let’s go over the different varieties of phishing that can be encountered.

Phishing

Before we begin, it is important to establish what a phishing attack looks like at its essence, as all forms of phishing share the same core traits.

In a phishing attack, a target is sent a message that appears to come from a trustworthy contact in order to manipulate the target’s response. For example, one of your employees may receive an email that looks like it came from a prospect, a client, or a vendor: presumably one that they should open. However, instead of containing a legitimate communication, the email would either deliver malware via a download or send the recipient to a malicious website.

Because of this simple basis, phishing can serve as the foundation for various scams, delivered in different ways and relying on different tactics to take advantage of different targets.

Business Email Compromise

In a business email compromise attack, an attacker will pose as an authority figure or resource to coax users into transferring money into an account under the attacker’s control. By writing this email to suggest urgency, the attacker can effectively scare their target into acting without thinking.

These phishing attacks have the potential to be quite lucrative, with the average request in Q2 2020 totaling $80,183.

Clone Phishing

Some attackers play copycat with their phishing messages, duplicating a legitimate email that their target would likely have encountered before. In doing so, they make their attack appear more convincing and thereby more likely to fool their intended victim. The lone difference is that the included link is switched out for one that directs the target to a spoofed website, with a disclaimer explaining why resending the email was “necessary.”
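The trait described above (near-identical wording, a different link) can be checked mechanically. The following is an added example, not part of the original article: it compares a received message against a known legitimate one and flags it when the text closely matches but a link points to a host the original never used. The sample messages, hostnames, function names, and the 0.7 threshold are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample messages (not real mail); hostnames are placeholders.
ORIGINAL = ("Hello Dana,\nYour invoice 1042 is ready. View it here: "
            "https://billing.example.com/invoices/1042\nThanks,\nAccounts Team")
CLONE = ("Hello Dana,\nResending because the earlier link expired. "
         "Your invoice 1042 is ready. View it here: "
         "https://billing.example-pay.test/invoices/1042\nThanks,\nAccounts Team")
UNRELATED = "Hi Dana, lunch on Friday? Menu: https://cafe.example.org/menu"


def link_hosts(body):
    """Return the set of lower-cased hostnames linked in a message body."""
    hosts = (urlsplit(url).hostname for url in URL_RE.findall(body))
    return {h for h in hosts if h}


def text_without_links(body):
    """Normalise whitespace and case, masking URLs so only the wording is compared."""
    return " ".join(URL_RE.sub("<URL>", body).split()).lower()


def check_for_clone(known_good, received, threshold=0.7):
    """Flag mail whose wording matches a known message but whose links do not."""
    similarity = SequenceMatcher(
        None, text_without_links(known_good), text_without_links(received)
    ).ratio()
    new_hosts = sorted(link_hosts(received) - link_hosts(known_good))
    return {
        "similarity": round(similarity, 2),
        "new_hosts": new_hosts,
        # Suspicious only when both signals agree: same wording, unfamiliar host.
        "suspicious": similarity >= threshold and bool(new_hosts),
    }


if __name__ == "__main__":
    for name, message in (("clone", CLONE), ("unrelated", UNRELATED)):
        print(name, check_for_clone(ORIGINAL, message))
```

A flagged message still needs a human decision, since a legitimate sender can change link domains; the check only surfaces the pattern for review.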

Smishing

Not all phishing attacks are distributed through email. Smishing attacks, which are delivered via SMS, are now another common tactic. One of the main reasons that smishing is frequently successful is that people aren’t anticipating being phished through a text message. Text messages are also read and responded to far more often than emails (98 percent read and 45 percent responded for texts, as compared to 20 percent read and 6 percent responded for emails).

On top of all that, mobile devices often don’t uphold the same security standards that a workstation will, leaving a user more vulnerable by default.

Spear Phishing

Spear phishing is a phishing attack that goes the extra distance. Rather than targeting a user through a generic message, the cybercriminal will have done their due diligence and researched their intended victim. Because these attacks take more time and effort to execute, spear phishing is typically leveraged against higher-value targets. Because of how these attacks are crafted, spear phishing also has a higher level of success, which makes it even more dangerous for your users.

Vishing

Vishing, or voice phishing, is a phishing attack conducted over the telephone. By calling up their target under the guise of a business or a financial institution, a scammer can extract credentials and other personally identifiable and sensitive data from their target.

Whaling

As the name would suggest, whaling is a phishing attack that targets the biggest person in an organization: the boss. As the head honcho, it stands to reason that the business owner would have the most access to the business’ resources and data, enabling the cybercriminal to steal the greatest possible amount.

The CEO isn’t always the recipient of these types of attacks, either. Instead, other personnel will receive an email that looks like it is from the CEO or another high-ranking manager. The message looks casual and rushed, usually asking the employee to send money, log in somewhere, or send credentials back. We’ve seen a lot of these going around the last few months, and it’s very important that your staff is looking out for them.

With the amount of background information that these attacks require to be pulled off, it isn’t uncommon for an attacker to do some research through social engineering and reviewing publicly accessible information to make their story more believable.

Phishing is a Serious Threat

While phishing can be largely avoided with the proper diligence, your team will need to know what they are looking for to stop it effectively. Preferred can help. Find out what we can do to help keep your business secure by calling 708-781-7110.
