According to the seventh annual Experian Data Breach Industry Forecast published on December 1st, 2019, companies worldwide will face new cyber threats in the form of phishing and deep fakes next year.
If that sounds scary to you, you’re right. It is scary, especially if you’re the IT administrator of a large company. A report by GetApp claims that almost half of workers have clicked on a phishing link. Sorry to break it to you, but your job of protecting the business from financial damages is going to be a lot tougher in 2020.
Phishing is a cyber-attack used by hackers to gather passwords, personal information and financial information using deceptive emails and websites. Hackers use the information for identity theft, fraud, or leaking sensitive information.
Types of Phishing
The first phishing attack supposedly occurred back in 1995. Five years later, the public was made aware of this type of cyber-attack when the love bug of 2000 infected around 45 million PCs around the globe.
In recent years, the types of attack categorized as phishing have multiplied into many variations — all with the same goal of stealing your precious info. The types of phishing you can find today are as follows:
Email phishing is the most common type of phishing and has raked in millions of victims since its inception. The common theme is that the victims receive an email from hackers telling them to check some suspicious activity in their bank accounts.
When the users click on a link in the email, they are taken to a fake site mimicking the legit bank website, with a slightly different URL that tired eyes will not notice (e.g. capital0ne.com instead of capitalone.com).
Domain spoofing is BFF with email phishing. Just like the example mentioned above, hackers create a spoof website with the same look and feel as the legit website it’s mimicking.
Whaling is similar to email phishing except that the targets are whales, or high-profile individuals in big businesses. The logic is quite simple. Instead of trying to grab pennies from the little fishes, hackers just go for the whales, where stealing important company information may yield millions of dollars in one strike.
Spear phishing is when the hackers pretend to be a close friend of the victim. The email contains specific information about the victim, which leaves the victim totally unaware that the email is fraudulent. With people so willingly exposing their personal lives on social media these days, hackers can easily get all the information they need to launch this attack.
Ever got a text claiming you’ve won a million bucks? That’s SmiShing or SMS + Phishing. This type of attack never gets old. Criminals have been sending text messages promising lottery and sweepstakes winnings since the age of feature phones.
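For admins who want to check reported links against look-alike URLs such as the capital0ne.com example above, here is a small screening script. It is an added example, not code from the original article; the allow-list, the substitution table and the sample links are constructed for illustration, and the heuristic (character folding plus an edit distance of at most one) is an assumption that will produce some false positives on short domain names.

```python
from urllib.parse import urlsplit

# Constructed allow-list for illustration; use the domains your users really visit.
TRUSTED = {"capitalone.com", "online-convert.com"}

# Substitutions that survive a quick glance: digits or letter pairs posing as letters.
CONFUSABLE = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def skeleton(host):
    """Fold look-alike characters so visually similar hosts compare equal."""
    for fake, real in CONFUSABLE.items():
        host = host.replace(fake, real)
    return host


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url, trusted=TRUSTED):
    """Return (verdict, trusted domain it matches or imitates) for a full URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    for t in trusted:
        if host == t or host.endswith("." + t):
            return "trusted", t
    labels = host.split(".")
    for t in sorted(trusted):
        # Compare only as many trailing labels as the trusted domain has.
        tail = ".".join(labels[-(t.count(".") + 1):])
        if edit_distance(skeleton(tail), skeleton(t)) <= 1:
            return "lookalike", t
        # Trusted name used as leading labels of an unrelated domain.
        if "." + t + "." in "." + host + ".":
            return "lookalike", t
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a reported email.
    for link in ("https://www.capitalone.com/", "http://capital0ne.com/verify",
                 "https://capitalone.com.account-check.example/login"):
        print(link, classify(link))
```

A "lookalike" verdict is a reason to block or escalate the link; "unknown" only means the host resembles nothing on the allow-list, not that it is safe.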
Phishing Attack Prevention Tips
The best method to protect yourself and your company from phishing attacks is to be suspicious of any form of electronic communication. Never follow a link in an email to go to a financial-related website; instead, type the URL directly to visit the legitimate website.
If you’re an admin, tell the users to follow the proverb “Trust, but verify” in earnest. Users should crosscheck with admins whenever they receive emails that ask for personal information.
Also tell users to never download or upload files to sites that appear scammy. For instance, if they need to convert their documents to PDF, always use the conversion tool from online-convert.com as it is safe and will never send them spoof emails whatsoever.