Here, phishy phishy. A phrase you wouldn’t normally associate with IT, but one that’s related to one of the most common cybercrimes today: phishing. This is a type of attack that uses emails, phone calls and/or text messages to access confidential information, which can lead to identity theft and substantial financial losses for victims. In fact, nearly 80% of security incidents are due to phishing scams.
“Phishers” often gain access to information through manipulation, pretending to come from a legitimate source and including malicious links in emails that demand payment or other types of information. Once the victim clicks the link, their device and information are immediately compromised.
There are various forms of phishing, but here are just a few to be on the lookout for:
- Angler Phishing – Through social media, attackers use fake URLs, instant messages and/or profiles to steal information.
- Clone Phishing – A tactic used by attackers to duplicate email addresses in hopes of appearing legitimate.
- Domain Spoofing – Attackers imitate a company domain to appear to be an actual person from the company.
- Email Phishing – This is probably one of the most common forms and the one that most people think of. This occurs when attackers use fake emails to try to gain access to your information.
- Search Engine Phishing – In this scheme, attackers create a website that mimics a legitimate website. They try to convince site visitors to download products infected with malware from the website, or provide information in forms, which is then sent to the attacker.
- Smishing – Phishing + SMS = Smishing. Attackers send “fake” text messages to recipients in hopes of gaining information such as passwords and/or credit card numbers.
- Spear Phishing – Attackers take their time and slowly gather information from people. They eventually use this to appear to come from a reputable source by sending personalized phishing emails that seem legitimate.
- Whaling – This is an attack that targets higher-level employees and usually involves very sophisticated social engineering tactics to help sell the fake even more.
- Vishing – Attackers make phone calls in which they attempt to appear legitimate and try to obtain personal information.
While phishing is considered a dangerous type of cyberattack, there are also many other forms to be aware of so you can better protect your information. Here are just a few other common types:
- Malware. Different types of malicious software created to obtain data, gain unauthorized access to networks or compromise systems.
- Ransomware. This is a type of malware that cybercriminals use, through various methods, to encrypt your data, which locks it and prevents you from getting back into it. To regain access, attackers demand money as ransom.
- Social Engineering. The complete opposite of malware, this is a method used to gain access to information using human manipulation. Attackers pose as legitimate sources in hopes of accessing confidential information.
Prevention & Protection
While all attacks can’t be prevented, there are things you can do to help mitigate them and keep your information protected. First things first, always protect your devices and systems with trustworthy security software and firewall protection. In addition, it’s always good to provide training for your team members on how to identify phishing scams and what to do if they come across one.
As with any form of cyberattack, careful action and the use of excellent security software executed by a trusted MSP are a step in the right direction when it comes to combatting cybercriminals. If you have any questions or would like to discuss our services, you can contact Entre Technology Services.