Phishing is the most common social engineering attack type used today. Attackers use emails, social media, instant messaging, and text messages (a rising trend) to approach their victims. They trick victims into providing sensitive information or visiting a malicious website in an attempt to compromise their systems.
6 Sub-Types of Phishing Attacks:
- Spear Phishing
- Watering Hole
- Quid Pro Quo
In the coming weeks, we’ll discuss each of these sub-types in greater detail. For now, we will discuss phishing attacks in general and what they have in common.
Messages are composed to attract your attention, stimulate curiosity, provide very little information, and suggest that you visit a specific website to learn more. Messages aimed at gathering a user’s information present a sense of urgency to trick you into disclosing sensitive data to resolve a situation that could get worse without your interaction. Attackers leverage shortened URLs or embedded links to redirect you to a malicious domain that could be a clone of a legitimate site with a URL that appears legitimate. In many cases the actual link and the visual link in the email are different. Phishing email messages have a deceptive subject line to entice the recipient to believe that the email has come from a trusted source. Attackers use a forged sender’s address or the spoofed identity of the organization. They usually copy content such as text, logos, images and styles to make the message look genuine.
What should you and your employees do to avoid these attacks?
- Think twice before clicking.
- If you’re not expecting the email, it is probably a scam.
- Take the time to consider the legitimacy of the email before following its instructions.
- If there is a link in the email, hover your mouse over it. Check to confirm that what is in the box that pops up exactly matches the visual link. Oftentimes the two don’t match, but attackers are getting much sneakier by the day.
- Know this: no legitimate company is ever going to ask you for your password or any other personal information via email.
- Also, no legitimate company seeks out random people to help. If you did not solicit the help, it’s probably a scam (for example, contests you haven’t entered).
- If you think a company needs you to update your information, call them directly; do not call the number provided to you in the email.
We take the security of our clients’ and prospects’ information very seriously. We’re here to help with your company’s IT and that includes training your employees on the ever-changing threat landscape of cybersecurity. Would you like to know who on your team is more susceptible to phishing than others? Would you like to know which types of attacks your team is most vulnerable to? Please call (504) 372-1372 to schedule an appointment today!