Phishing 101

Phishing remains a major issue across the world. Hackers are getting more and more tricky with their tactics, and it is important to stay up to date on the types of phishing attacks so that you can protect yourself and your company. In fact, the number of phishing campaigns pursued by hackers around the world increased 65% in the last year.

What is phishing? Hackers mimic the emails, forms, and websites of legitimate people or companies in an effort to lure people into providing their private, personal information, such as credit card numbers, social security information, account logins, and personal identifiers or PINs. The victim usually doesn’t realize they’ve been compromised until long after the event, and often not until their finances are affected.

In the past, an attack was carried out pretty quickly. As soon as the victim gave up their information, the hacker moved in and stole money. Today, it’s usually more lucrative for hackers to sell that information on the Dark Web. This results in longer-lasting and more devastating attacks.

3 Types Of Phishing Attacks

Spear phishing

Phishing attempts directed at specific individuals or companies have been termed spear phishing. These are highly targeted attacks. This technique is by far the most successful on the Internet today. Attackers gather personal information about their target to increase their probability of success in the phishing attack.

Whaling

Several phishing attacks have been directed specifically at high-profile targets within businesses (senior executives), and the term whaling has been coined for these types of attacks. The content is crafted to target an upper manager and the person’s role in the company. A whaling email is often written as a legal subpoena, customer complaint, or major executive issue demanding immediate action. Whaling scam emails are designed to masquerade as critical business emails sent from a legitimate business authority. The content is tailored for senior management and usually involves some kind of falsified company-wide concern. Whaling phishers have also forged official-looking FBI subpoena emails and claimed that the manager needs to click a link and install special software to view the subpoena.

Have you ever gotten an email from your bank asking you to update your information online? Or confirm your username and password? Maybe even a suspicious email from your boss asking you to execute some wire transfer. That is most likely a spear phishing attempt, and you’re among the 76% of businesses that were victims of a phishing attack in the last year. These attacks are no joke, and it is important to be armed with knowledge on how to stop them in their tracks.

Method of Delivery

Phishing scams are not always received through email. Last year, in 2017, officials caught on to attacks using SMS texting (smishing), voice calls (vishing), or social engineering.

Clone phishing

Clone phishing is a type of phishing attack where a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The link within the email is replaced with a malicious version. It may claim to be a resend of the original or an updated version.

Ransomware: The Consequence

Phishing is the most widely used method for spreading ransomware, and has increased significantly since the birth of major ransomware viruses like Petya and WannaCry.

Small businesses, education, government, and healthcare often, unfortunately, don’t have valid data backups. They are unable to roll back to a pre-ransomed version of their data. Instead, they have to pay their way out of the attack. Outside of ransom costs, victims of phishing campaigns are often branded as untrustworthy. Many of their customers then turn to competitors, resulting in even greater financial loss.

Why are effective phishing campaigns so rampant despite public awareness from media coverage?

Volume: There are nearly 5 million new phishing sites created every month, according to the Webroot Threat Report. There are now even Phishing-as-a-Service companies.

They’re Simple to Execute: New phishing campaigns and sites can be built by hackers in minutes. These individuals make a living off their hacking campaigns.

They Work: Over 30% of phishing messages get opened, and 12% of targets click on the embedded attachments or links, according to the Verizon Data Breach Investigations Report. These hackers have gotten really good at looking really legitimate.

How do you protect yourself from a phishing attack? Contact us today to learn more about Magnitech IT Services.