Have you heard about phishing?

Phishing has become one of the most common cyberattacks in internet history. The internet should be a safe place to navigate, without any threat around the corner. Unfortunately, it isn’t.

Phishing represents a “dangerous social engineering cybercrime” that aims to steal your confidential/personal information such as

  • Usernames
  • Passwords
  • Addresses
  • Files and photos
  • Credit card details
  • ID card data

Such attacks are increasing day by day.
There are over 45,794 unique phishing websites, over 87,386 unique phishing email reports, and over 310 businesses being targeted by phishing attackers day by day.

Six types of phishing you should pay attention to

Phishing comes in many forms, depending on how the victim is selected and how the attack interacts with the victim:

1. Spear Phishing

Most of the time it targets companies in order to obtain the credentials (username and password) of a high-value employee.

Typically, such attacks involve fake emails that appear to come from a legitimate source, such as a director of an external vendor of your company who requires a quick transfer of funds, necessary for supply chain activities. Lately, these emails are accompanied by insistent phone calls in which the criminal presents himself as the author of the email.

Protect yourself – Double-check with the source via a secondary channel (e.g., by phone) that the information is indeed correct.

2. Catphishing

It involves the criminal creating a false online identity (social media profiles, pictures, etc.) meant to lure the victim into an ambush, in order to get money or sensitive information, or just to humiliate the victim.

Protect yourself – Be cautious. Information found online may not be true. Always double-check.

3. Vishing or voice phishing

It aims to extract sensitive information from the victim by phone calls.

Protect yourself – Do not reveal any sensitive information to unknown callers. If something seems phishy it’s best to just stop the call.

4. SMiShing or tishing

It involves sending SMS messages containing links to fake sites that look like legitimate ones, in order to intercept personal data.

Protect yourself – Do not follow the links unless you trust the source.

5. Rock phishing

It involves the use of a “botnet” to send a huge number of phishing messages to a range of users. These emails contain messages that appear to come from financial organizations, sending the users to compromised addresses. The process is extremely elaborate and involves cloning many legitimate sites.

Protect yourself – Use an email solution that blocks this type of attack and always double-check suspicious messages.

6. Pharming

Victims are tricked into entering sensitive data, usually a password or bank card number, into a site that mimics a legitimate one.

This attack differs from standard phishing because it does not rely on the user clicking a malicious link. Instead, it is carried out on a much larger scale by changing the data in DNS servers. The victims’ computers are not directly affected and the user enters legitimate web addresses, but the DNS system responds to the victim with the wrong IP address.

Protect yourself – This type of attack can only be avoided by using advanced cybersecurity solutions.
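
Because pharming shows up as a DNS answer that points somewhere unexpected, one way to check for it is to compare the addresses each resolver returns against the networks a site is known to use. The Python code below is an added example, not part of the original article; the hostnames, resolver names and address ranges are constructed placeholders.

```python
import ipaddress

# Constructed baseline: networks each hostname is expected to resolve into.
BASELINE = {
    "bank.example": ["192.0.2.0/24"],
    "mail.example": ["198.51.100.0/25"],
}

# Constructed observations: answers collected from each resolver for the same names.
OBSERVED = {
    "resolver-a": {"bank.example": ["192.0.2.10"], "mail.example": ["198.51.100.7"]},
    "resolver-b": {"bank.example": ["203.0.113.66"], "mail.example": ["198.51.100.7"]},
    "resolver-c": {"bank.example": ["192.0.2.10", "192.0.2.11"],
                   "shop.example": ["203.0.113.5"]},
}


def find_suspect_answers(baseline, observed):
    """Return sorted (resolver, hostname, address, reason) tuples for
    answers that do not fall inside the hostname's expected networks."""
    expected = {
        host: [ipaddress.ip_network(net) for net in nets]
        for host, nets in baseline.items()
    }
    findings = []
    for resolver, answers in observed.items():
        for host, addresses in answers.items():
            if host not in expected:
                continue  # no baseline for this name, so it cannot be judged
            for raw in addresses:
                try:
                    addr = ipaddress.ip_address(raw)
                except ValueError:
                    findings.append((resolver, host, raw, "unparseable"))
                    continue
                # An IPv6 answer checked against IPv4 networks is simply "not in".
                if not any(addr in net for net in expected[host]):
                    findings.append((resolver, host, raw, "outside-baseline"))
    return sorted(findings)


if __name__ == "__main__":
    for resolver, host, address, reason in find_suspect_answers(BASELINE, OBSERVED):
        print(f"{resolver}: {host} -> {address} ({reason})")
```

A finding means the answer needs investigating, not that the resolver is poisoned: sites that use content delivery networks legitimately return addresses that change, so the baseline has to be maintained.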

Our suggestion to protect your business

Try Microsoft 365 Premium to avoid being hacked

Besides raising user awareness of spoofed emails and web links, an organization’s leadership should adopt a phishing defense strategy that uses threat-intelligence solutions to make sure that sensitive information is protected against any harmful threat.

If you have fewer than 300 employees, consider using Microsoft 365 Business Premium. This includes Microsoft Defender for Office 365 to help protect your business from online threats and minimize phishing threats.

Microsoft 365 Business Premium also provides sophisticated anti-phishing and antimalware technologies that add an extra layer of protection against malicious links by filtering spam messages. It is always better to prevent than to heal.

For more information please contact us at solutions@risksoft.ro

Let’s talk!
