If you’ve been in the workforce in the past 25 years, chances are you’ve heard of phishing. A classic example is receiving an email from someone you don’t know telling you to “click this link to to win $1,000!” or “download this file to get a free version of Photoshop!” It’s pretty easy to tell that it’s a scam. You delete it and move on. The problem today is that phishing attacks have become nearly indistinguishable from the legitimate emails you receive every day. So, how can you tell the difference?
There are a few different types of phishing scams, from fake websites, deception, social engineering, CEO targeting, and more. Here is a list of the most common types of phishing scams:
- Deceptive Phishing – This type of phishing is the most common. It’s usually sent to the masses in the shape of your bank telling you that there has been suspicious activity on your debit card and to click a link to verify your account, or a social media site telling you to update your password or else they will take a negative action towards your account.
- Spear Phishing – When an attack is targeted to a single person. Hackers research the target on Facebook, Twitter, LinkedIn, and paid information sites to make the attack as authentic as possible. Spear phishing is usually the first step to performing a full-blown attack on your computer.
- Whaling – Cleverly named, whaling refers to hackers going after the “big fish” – or the executives of a company. This requires a hacker to do a deep dive in researching their victim and getting all of their facts straight to be as convincing as possible. They often ask for wire transfers to different countries, tax information on employees, and disclosing the company’s financial information. High level executives often have the most access to company information; including credentials to critical business applications, client contact information, and finances.
- Pharming – This is similar to classic phishing, sending a link to a fake site, however, victims don’t even need to click a link to be brought to a malicious site. Attackers can get into the victim’s computer and redirect the user to a fake site, even if the correct address is entered.
So, how do you protect yourself and your business? We have some steps you can take to secure what’s important to you:
- Check the sources of suspicious emails. Most phishing emails use credible business domains, but have an extra letter, a dash, or have a different domain suffix. An example may be co or youcrompany.com If you’re unsure if the domain is legitimate or not, look up the website before taking any action. Another step to consider is registering these alternative domain names so they are not available for purchase by others.
- Check the content of the email for spelling mistakes, weird characters, and misuse of your name. For example, they may say “Dear valued customer, Dear member, or use your full email address in place of your name. These are getting much more difficult to identify. If you are not sure, call the bank or institution that the email is supposedly coming from, direct to confirm anything. The IRS will never send you an email for collection as an example.
- Educate your team. Some ongoing training services are available through Baroan to prevent phishing scams or make the users aware of the latest threats. These include online cyber security tips and tricks as well as test phishing campaigns.