Let's be honest, dropping a house on a cyber criminal who has put your company at risk definitely sounds enticing. While we can't do that, we can help you to brush up on some of the latest information on phishing attacks that you can share with your employees. One of the best way to protect your business is through end user education. You may know how to protect yourself from lions, tigers, and bears, but what about phishing?
Spear-Phishing - Personalized Attack
As the name implies, spear-phishing is a more focused type of attack. The sender of the attack does research on their target and uses the information they were able to find to try and lend to the credibility of the message in the attack. The cyber criminal will pose as someone of importance to the person receiving the email and try to trick them. Generally, they try and pose as someone superior like a manager or a person in a leadership role. These criminals are looking to have the recipient send them sensitive documents or information. When these attacks are successful, the damage can be extensive.
SMiShing - Text Message Scam
You’ve heard of attacks targeting your emails and online accounts, but what about your text messages? Cyber criminals are using your texts as an avenue to lure you into providing personal information. Likely, a SMiShing message will include a message informing you to take action on one of your accounts along with a link to a website. If you use the link and provide the details the website asks for, that can be enough for a cyber criminal to damage to your identity. With the growing popularity of smartphones, SMiShing is another way for criminals to trick people into providing important information.
Whaling - CEO Email Scam
Just like in fishing for sport, catching the “big fish” is usually the goal. Catching the “big fish” in a phishing attack is referred to as whaling. This type of attack is meticulously calculated, targeted, and sophisticated. Whaling attacks target members of an organizations upper-level employees. Typically, these people have high-level access to information and data that could be detrimental to a business if it fell into the wrong hands. In a whaling attack, cyber criminals are trying to pose as a member of senior management or to trick someone in leadership into sharing data through emails and web spoofing.
These attacks can be extremely dangerous when they are successful. The good news is, through education you can work with your employees to protect yourselves from phishing attacks. Educating your employees and leadership about email and message scams is a great line of first defense in protecting your business.
Tips for Spotting a Phishing Scam
- Be on the lookout for spelling and grammar errors in the writing
- Does the message seem too good to be true? That's because it probably is.
- Hover over links to see where they will take you before you click.
- Don't give out your personal information. If the IRS wanted to talk to you they would send you a letter via USPS.
For support look no further than SumnerOne. Before you know it, our Managed IT Services team will having you saying "There's no place like SumnerOne!" It's our job to keep your business on the path of total network protection. Be sure to download our Critical Consumer Cheat Sheet to share more tips for spotting scams with your employees.
Originally published May 1, 2018, updated October 2, 2018