How to Recognize a Phishing Attack
The ‘work from anywhere world’ makes everyone at risk to cyber-attacks, especially because threats are harder to track over home networks. The blurred lines between home and work create security nightmares if safety protocols are ignored, or don’t exist.
One commonly used tactic is phishing. A phishing attack or message is crafted to deliver a sense of urgency or fear with the end goal of capturing a person’s sensitive data. If your employees fall prey to phishing scams while working from home, it can affect your company network by transferring malware and viruses over internet connections. One phishing attack email has the power to cause downtime for your entire business and unfortunately the scams are getting more refined on a daily basis, making them harder to detect.
Here are five different types of phishing attacks to avoid
Spear Phishing
Attackers pass themselves off as someone the target knows well or an organization that they’re familiar with to gain access to compromising information (e.g., credentials or financial information), which is used to exploit the victim.
Whaling
Whaling is a form of spear phishing with a focus on a high-value target, typically a senior employee within an organization, to boost credibility. This approach also targets other high-level employees within an organization as the potential victims and includes an attempt to gain access to company platforms or financial information.
Mass Campaigns
Mass phishing campaigns cast a wider net. Emails are sent to the masses from a knock-off corporate entity insisting a password needs to be updated or credit card information is outdated.
Ambulance Chasing Phishing
Attackers use a current crisis to drive urgency for victims to take action that will lead to compromising data or information. For example, targets may receive a fraudulent email encouraging them to donate to relief funds for recent natural disasters or the COVID-19 global pandemic. According to Google, it has been reported that cybercriminals have sent an estimated 18 million hoax emails about COVID-19 to Gmail users every day.
Pretexting
Pretexting involves an attacker doing something via a non-email channel (e.g., voicemail) to set an expectation that they’ll be sending something seemingly legitimate in the near future only to send an email that contains malicious links.
Always be cautious. When in doubt, throw it out.
If the message seems questionable, odds are good that it is. Even if the email appears to be coming from someone you know, if anything looks suspicious, delete it. If you have questions about how to protect your organization against phishing emails or what to do if your network has been compromised, please contact us, our team of consultants, engineers, and support staff are here to help you!