In a survey conducted by Tripwire of 200 security professionals, 58% said that their organizations had seen a steep increase in phishing attacks in 2016. Despite that increase, most of them declared that they did not feel prepared to adequately protect themselves from the many types of phishing scams that exist.
The increase in cyber-attacks poses a severe threat to all organizations, big and small. That is why it’s essential for employees to be able to recognize the different types of phishing scams that exist and to protect themselves and the company from them.
Deceptive phishing, one of the most common scams on the internet, refers to attacks in which the fraudster impersonates a legitimate company or organization in an attempt to steal your personal and financial information, as well as any passwords or confidential material.
These emails usually convey a sense of urgency, telling you, for example, that you’ve won a prize or that your account has been compromised. They redirect you to a legitimate-looking website where you are asked to enter that information, either to redeem the prize or to verify your account.
You should always scrutinize the sender’s email address, as well as the URL behind any link in the email. Grammar or spelling mistakes and generic greetings are all indicative of a phishing email.
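The checks above (sender address versus the brand being claimed, link targets, generic greetings, urgency wording, and unencrypted links) can be automated for incoming mail. The following is an added example written for this page, not code from the article or from any vendor it mentions; the brand allowlist, the phrase lists and both sample messages are constructed for the demonstration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical allowlist: brands this organisation sees impersonated, mapped to
# the registered domain they really send from. Constructed for the example.
KNOWN_BRANDS = {"paypal": "paypal.com", "dropbox": "dropbox.com"}
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member", "valued customer")
URGENCY_PHRASES = ("urgent", "suspended", "verify your account",
                   "within 24 hours", "you have won")
HREF_RE = re.compile(r'href="([^"]+)"', re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample messages (not real mail).
SAMPLE_PHISH = """\
From: "PayPal Support" <alerts@paypal-secure.example>
To: customer@example.org
Subject: Urgent: your account has been suspended
Content-Type: text/html

<p>Dear Customer,</p>
<p>Your account has been suspended. <a href="http://paypal-secure.example/verify">Click here</a>
to verify your account within 24 hours.</p>
"""

SAMPLE_LEGIT = """\
From: "Alice Example" <alice@example.org>
To: bob@example.org
Subject: Lunch on Thursday?
Content-Type: text/plain

Hi Bob, are you free for lunch on Thursday? Menu: https://example.org/cafeteria
"""


def registered_domain(host):
    """Crude 'registered domain' (last two labels); enough for this demonstration."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def brand_mentions(text):
    """Brands from the allowlist that appear in the given text."""
    low = text.lower()
    return [b for b in KNOWN_BRANDS if b in low]


def analyse_email(raw):
    """Return the list of phishing indicators found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    findings = []

    # 1. Sender check: display name or subject claims a brand, but the address
    #    domain is not that brand's real domain.
    display_name, address = parseaddr(str(msg.get("From", "")))
    sender_domain = registered_domain(address.rsplit("@", 1)[-1]) if "@" in address else ""
    for brand in brand_mentions(display_name + " " + subject):
        if sender_domain != KNOWN_BRANDS[brand]:
            findings.append(f"sender claims '{brand}' but mails from '{sender_domain}'")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    low = text.lower()

    # 2. Generic greeting instead of the recipient's name.
    if any(g in low for g in GENERIC_GREETINGS):
        findings.append("generic greeting")

    # 3. Urgency or prize language in subject or body.
    hits = [p for p in URGENCY_PHRASES if p in low or p in subject.lower()]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))

    # 4. Link check: plain-http links, and lookalike hosts that contain a brand
    #    name but are not the brand's registered domain.
    for link in sorted(set(HREF_RE.findall(text)) | set(URL_RE.findall(text))):
        parsed = urlparse(link)
        host = parsed.hostname or ""
        if parsed.scheme == "http":
            findings.append(f"unencrypted link: {link}")
        for brand in brand_mentions(host):
            if registered_domain(host) != KNOWN_BRANDS[brand]:
                findings.append(f"lookalike domain for '{brand}': {host}")
    return findings


if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, analyse_email(raw) or ["no indicators"])
```

The substring match on the host name is deliberately simple: a domain spelt with a digit one in place of the letter l would slip past it, which is one reason such heuristics feed a score rather than a verdict on their own.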
Just like deceptive phishing, spear phishing aims to get sensitive information from you using more or less the same tactics. The most significant difference between the two, however, is personalization.
While the former is generic and avoids mentioning any details about you, spear phishing uses your name, position, company, work phone number, and any other information the attackers may have about you. Scammers gather this information from social media sites like Facebook or LinkedIn to craft a well-targeted attack, so limit the number of personal details you share online.
As some of the more tech-savvy users become immune to traditional phishing, scammers are turning to pharming to get the information they require. Instead of baiting people, pharming targets a DNS server and changes the IP address associated with a website. This means that even if you enter the correct website name into your browser, you are still redirected to the malicious site.
To protect yourself from these attacks, you should only enter information on HTTPS-protected sites (websites whose address begins with “https://”). Using up-to-date anti-virus software is also essential.
Millions of people around the world use Dropbox to back up, share, and access information. Several years ago, one such attack lured users into entering their login credentials on a fake Dropbox sign-in page. This page was unknowingly hosted by none other than Dropbox itself. To protect yourself from these attacks, you should enable two-step verification (2SV) on your accounts.
The best way to keep yourself and your company safe and secure against these phishing attacks is to keep yourself regularly informed about the issue. Phishing is a constantly evolving organism, and you need to keep both yourself and your security up to date.
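Two-step verification limits the damage of a harvested password because the stolen credential alone no longer opens the account. The server side of the common time-based second step (RFC 4226 HOTP under RFC 6238 TOTP, the scheme authenticator apps use) is shown below as an added example written for this page; it is not Dropbox's code or code from the article. The in-memory user store, the `SecondStepVerifier` class and the user name are constructed for the demonstration; the secret used in the test is the public test vector from the RFCs.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, at // step, digits)


class SecondStepVerifier:
    """Hypothetical server-side second step: checks a user's TOTP code and refuses replays."""

    def __init__(self, step=30, digits=6, window=1):
        self.step, self.digits, self.window = step, digits, window
        self.secrets = {}        # user -> raw secret bytes (constructed in-memory store)
        self.last_counter = {}   # user -> last counter accepted, for replay protection

    def enrol(self, user, base32_secret):
        # Authenticator apps exchange secrets as base32; restore any stripped padding.
        padded = base32_secret.upper() + "=" * (-len(base32_secret) % 8)
        self.secrets[user] = base64.b32decode(padded)

    def verify(self, user, code: str, at=None) -> bool:
        if user not in self.secrets:
            return False
        at = int(time.time()) if at is None else at
        counter = at // self.step
        # Accept neighbouring time steps to tolerate small clock drift.
        for drift in range(-self.window, self.window + 1):
            candidate = hotp(self.secrets[user], counter + drift, self.digits)
            if hmac.compare_digest(candidate, code):
                # A code whose time step was already consumed is a replay.
                if counter + drift <= self.last_counter.get(user, -1):
                    return False
                self.last_counter[user] = counter + drift
                return True
        return False


if __name__ == "__main__":
    verifier = SecondStepVerifier()
    verifier.enrol("alice", "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")  # RFC test secret
    now = int(time.time())
    current = totp(b"12345678901234567890", now)
    print("first use accepted:", verifier.verify("alice", current, at=now))
    print("replay accepted:", verifier.verify("alice", current, at=now))
```

Two details matter in practice: the comparison is constant-time, and an accepted code's time step is recorded so that the same code cannot be submitted twice within its validity window.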