When you hear about phishing, you might hearken back to the earliest phishing scams, like the emails from the Prince of Nigeria saying you won millions of dollars and all you had to do to claim it was provide personal information. These primitive attacks were designed to prey on individuals as yet unfamiliar with the lawlessness of the nascent Internet.
Today, most people are far too savvy to fall for these ham-fisted tactics, which is why phishing scams have grown a lot more sophisticated. Now, seemingly legitimate emails could open the door to all kinds of cyber threats, from data breaches to ransomware attacks. What are the most common phishing scams used today and how can you protect against them? Here are a few things you should know.
This broad term pertains to any type of phishing attack that targets a specific business and/or specific individuals within a business. In most cases, cyber criminals will attempt to obtain as much information as possible on their target in order to craft emails that seem like legitimate requests for data, or that prompt a click-through which allows hackers to install malware.
Cloning is an extremely sophisticated form of phishing that utilizes the illusion of legitimacy and authority to create trust and prompt a response from email recipients. Clone emails may appear to come from reliable sources like business partners, vendors, banks, and so on.
They may use the same logos and language as legitimate emails from those sources. They will urge recipients to click a link to the sender’s homepage, at which point the recipient unknowingly agrees to download some kind of malware.
High-profile individuals such as executives are prime targets for phishing attacks, and because of the level of importance these individuals hold, such attacks are known as whaling. Should whaling attacks prove successful, hackers can often gain access to areas of the corporate network that only C-suite employees are privileged to access.
This type of phishing scam is difficult for the average person to spot because it relies on changing IP addresses for known domain names. Suppose, for example, an employee needs to check business accounts and types in the name of the bank in the address bar (www.wellsfargo.com, for example). With a pharming scam, the employee would be redirected to a false website that looks like the original and directed to enter login information, which cyber criminals would then steal and use to get into accounts.
Dropbox/Google Docs Phishing
This is the height of sophistication when it comes to phishing scams because cyber criminals create fake Dropbox or Google Docs login pages that are actually hosted and secured by the platforms themselves, making them appear legitimate.
Phishing scams are frighteningly sophisticated these days, but there are several options to protect your company against them. The first step is to train employees to behave appropriately. For example, employees should never click through on links in emails, even if they appear legitimate or come from known sources. They should always open a new window to contact the supposed source of the email directly.
As for pharming, employees should know to only trust websites that are secured with the HTTPS designation and the green lock icon. You can even avoid phishing scams on secured Dropbox and Google Docs accounts by instituting 2-step verification measures. This way, even if criminals gain access to login information, they won’t have the second verification required to actually log in to accounts.
Of course, keeping your firmware up-to-date, implementing protections like antivirus and anti-malware software, and using a reputable and reliable monitoring and maintenance provider like CTI Technology are all important, as well. With the right training, tools, and partnerships in place, you can avoid succumbing to phishing scams and all the damage they cause.