By Felipe Castilla, Nerds Support Inc.
Phishing scams have existed for years, but have recently become the most dangerous form of cyberattack. Why is that? Well, one reason is just lack of awareness. Another reason might be because social engineering scams are becoming harder to recognize.
As people become more aware of email scams, it gets harder to trick them. In the early years of online fraud, malicious emails had misspelled subject lines and goofy messages offering money or services. That isn’t working on people anymore. So, as a hacker, you start to change your tactics, trying new ways of accessing sensitive information from a target.
As a result, cyber attackers are getting smarter and more resourceful. Now, these attacks have evolved into highly sophisticated, detailed schemes. They prey on human emotion to gain access to networks, data and personal information.
Managed service providers, like Nerds Support Inc., can monitor your systems for suspicious activity, but some phishing scams can still go undetected.
As a matter of fact, 98 percent of phishing emails that reached users did not contain malware, according to a phishing intelligence report. In other words, phishing emails don’t work how they used to. Attackers are getting smarter, but knowing what to look for can help you outsmart them.
Here are five phishing scams to watch out for:
Unlike traditional phishing, spear phishing is unique and customized specifically for a single user. Cyber criminals who use spear phishing tactics personalize their email, impersonating employers, clients, and bank representatives to lower the victim’s guard and bypass defenses.
How do they personalize email attacks? Well, it isn’t too difficult. Everyone, in one way or another, has a presence online. Maybe you have a Facebook or an Instagram account you use to share photos and keep in touch with loved ones.
Savvy cybercriminals look through these social media profiles for personal information they can leverage against you. Then, the attacker crafts emails using that personal information to make it compelling. They might learn where you bank or shop online and send an email notifying you your account has been locked.
Clone Phishing is a variation of a spear phishing attack. Hackers take a legitimate, previously opened email with a link or attachment and create a ‘clone’ or copy. The attachment or link is replaced with an infected version and disguised to look like it came from the original sender. Since it’s based off of a legitimate, previously opened email, you wouldn’t have reason to suspect it. And that’s what makes it so dangerous.
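A defender can check for the clone pattern described above by comparing a new message against an earlier legitimate one. The following Python sketch is an added example, not code from the article or from any product it mentions; the sample messages, the `clone_indicators` function and the 0.9 similarity threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample messages (reserved example domains, not real traffic).
ORIGINAL = """\
From: Acme Billing <billing@acme.example>
Subject: Your March invoice

Hello, your March invoice is ready.
View it here: https://portal.acme.example/invoices/1042
Thanks, Acme Billing
"""
SUSPECT = """\
From: Acme Billing <billing@acme-example.test>
Subject: Your March invoice

Hello, your March invoice is ready.
View it here: https://acme-portal.example.net/invoices/1042
Thanks, Acme Billing
"""

def _parts(raw):
    """Return (display name, address, link hosts, body with URLs masked)."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # single-part text message assumed
    name, addr = parseaddr(msg.get("From", ""))
    hosts = {urlsplit(u).hostname for u in URL_RE.findall(body)}
    return name, addr.lower(), hosts, URL_RE.sub("<URL>", body)

def clone_indicators(original_raw, suspect_raw, threshold=0.9):
    """Flag a near-identical copy whose link hosts or sender address changed."""
    o_name, o_addr, o_hosts, o_text = _parts(original_raw)
    s_name, s_addr, s_hosts, s_text = _parts(suspect_raw)
    similarity = SequenceMatcher(None, o_text, s_text).ratio()
    findings = []
    if similarity >= threshold:  # only a close copy counts as a clone candidate
        new_hosts = sorted(h for h in s_hosts - o_hosts if h)
        if new_hosts:
            findings.append(("link_host_changed", new_hosts))
        if s_name == o_name and s_addr != o_addr:
            findings.append(("sender_address_changed", s_addr))
    return similarity, findings

if __name__ == "__main__":
    print(clone_indicators(ORIGINAL, SUSPECT))
```

The body text matches exactly once links are masked, so the changed link host and the changed address behind an unchanged display name are the only signals that separate the clone from the original.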
Where spear phishing attacks are specialized emails targeting employees, whaling attacks are specialized emails that target executives. Like other phishing scams, cybercriminals attempt to trick executives into revealing information. Also like spear phishing, whaling attacks use social media and the internet to tailor the message.
Vishing, or voice phishing, can be considered one of the oldest forms of social engineering. Where phishing is deceiving people into submitting information through email, vishing does so by using an internet phone service (VoIP). These calls can be automated messages, real people or a hybrid of the two.
Vishing scammers create fake caller IDs and contact the target pretending to be someone else. For example, you might receive calls from the ‘IRS’ claiming there is an arrest warrant under your name. Once they have you in a distressed state, they offer the chance to pay the debt and avoid arrest.
These attacks don’t only target consumers, however. Vishing scams target company employees to access account information.
The IRS scam mentioned earlier is a hybrid attack. It uses automated recordings and transfers the call to a real person when the target complies.
What’s worse, new technology like artificial intelligence is being used in vishing attacks. The cybercriminal uses software to mimic the voice of an authority figure so the target sends money, resources or information. This figure might be the CEO of a reputable company or someone looking to transfer funds to a specific account.
Watering hole Phishing
Imagine a group of gazelle moving towards a watering hole on a hot day. An intelligent hunter will anticipate which watering holes the gazelle are likely to drink from to attack. Watering hole phishing does the same thing online.
An attacker will look for any website that a company or group of employees visits most and infect it with malware. The attacker then gains access to the victim’s network and can extract desired data.
In a watering hole attack, the attacker looks for any vulnerability in the visited site and inserts malicious code that redirects the employee to where the malware is hosted.
These attacks are not common but are dangerous because they’re difficult to identify.
So now that you’re aware of these deceptive attacks, what can you do to prevent them? Cybersecurity is not a one-size-fits-all solution. Effective protection against phishing attacks is multifaceted and requires commitment. However, the benefits greatly outweigh the costs.
- Practice good digital hygiene. What does this mean? Put simply, it means adopting best practices when handling emails or engaging on the web through training and education. Companies are even using simulated phishing attacks as part of anti-phishing training programs.
- Use multifactor authentication for additional layers of protection against phishing attacks. Multifactor authentication software requires a user to log in to their accounts by using multiple forms of identification like a password and a fingerprint or answering a security question. If a hacker gets access to user credentials, it doesn’t matter because they won’t have the user’s fingerprint.
- Download effective anti-phishing software, like Retruster, that flags malicious emails or notifies users of a potential threat. Don’t fall victim to these attacks.
Ponemon’s cost of a data breach report revealed 48 percent of all breaches were caused by malicious or criminal attacks. That’s almost half of all breaches everywhere. Don’t be one of them. Use Retruster today!