8 Common Phishing Attacks And How To Protect Against Them
MAR 07, 2017 17:25 PM
A+ A A-

8 Common Phishing Attacks And How To Protect Against Them

By Drew Hendricks

In 2017, there's one surefire way to be made a fool – being a victim of a phishing attack. Phishing refers to attempts to make a sucker out of you. The phishers want to take your usernames, passwords, credit cards and money. They approach you through the Internet or telephone pretending to be a legitimate person or agency.

Make no mistake: These phishers are crooks, after your identity along with all of the information and money that comes with it. So, they dangle bait, waiting for people to bite from home or business.

The key to beating them is to think like them, according to the IEEE Computer Society’s Art of Hacking certification course.

“Phishing scams have been around forever, and it’s still being used because it still works,” said Hoala Greevy, Founder CEO of Paubox, an email security startup. “That’s because it targets people, and no one is perfect. But you can mitigate risks by making sure you have good security in place and train your staff on how to identify and avoid any phishing emails that slip through the cracks."

What Phishers Do

You need to accept that these scammers might just be smarter than you, at least with respect to the ability to conspire and corrupt. They think differently than you or I do.

How so?

1.     Target: Cyber crooks target people and businesses. For example, they want your business’ customer mailing list, so they can masquerade as your business to steal from your own customers.

2.     Method: With your business identity under their control, the scammers develop emails or phone scripts to approach their victims.

3.     Kill: Using your business identity – the appearance, logo and so on – the thieves mail out their messages. These emails, for all intents and purposes, appear to be legitimate communications.

4.     Steal: They record all the data the victims put into the windows or links where the messages directed them.

5.     Disappear: With the stolen information, the scammers then use the identity to make purchases and defraud the victims who are unaware of what’s going on at the time.

Phishing By The Numbers

Phishing schemes attack your business and your customers. A study by Canada’s GetCyberSafe reports on the size of the problem:

●       156 million phishing emails go out each day.

●       Security filters stop 90% of them.

●       16 million phishing emails reach targets.

●       8 million get opened each day.

●       10% (800,000) of recipients click-through links.

●       10% (80,000) of recipients give up their personal information.

The Ponemon Institute houses the Responsible Information Council (RIM) and focuses on the legitimate collection and use of personal, sensitive and confidential information. Their August 2015 report on the $3,768,820/year cost of phishing scams to businesses with 1,000 plus employees found the following:

Cost to contain malware

$208,174

Cost of malware not contained

$338,098

Productivity losses from Phishing

$1,819,923

Cost to contain credential compromise

$381,920

Cost of credential compromises not contained

$1,020,705

 

The Ponemon report concludes there's a critical need for business awareness and employee training. So, even if your business is much smaller than the database, you can see the potential for loss of business, customers and confidential information.

This should be a concern for small and enterprise organizations alike. Security authority and Computer.org author Larry Alton writes, “The number of attacks are increasing by the day and it’s important for small and large businesses alike to shore up weaknesses and enhance protective measures.”

8 Common Phishing Attacks

1.     Whaling (or cyber-whaling) targets the highest-level company executives who handle finance and data decisions. Assuming business leaders aren't suckered by the common pitch, phishers prepare special approaches called harpoons.

2.     Harpooning uses personal details secured from other business sources and social networks, so the email language appears unique to the individual and confidential. The email might also include the sort of attachment the recipient would be pressed to open, like a subpoena, contract or tax form.

3.     Spearfishing does the same as harpooning on a less sophisticated level. It targets anyone in the organization or database with just enough personal information to tempt the recipient to open the mail.

4.     Fake phishers indulge in deceptive fishing by sending emails that present as a legitimate company, such as PayPal, MasterCard, Wal-Mart or others. Recipients are fooled into thinking the request for personal information is legitimate.

5.     Pharming is a malicious technology scheme to convert the alphabetical Domain Name System (DNS) of websites into a numerical IP address which then redirects browsing users to a malicious location even if the victim entered the correct website search.

6.     Mimic phishing imitates trusted sites like Dropbox, GoogleDocs or Outlook. Messages offer absolute duplicates of the sign-in screens for such sites and lure victims to enter their personal sign-in username and password.

7.     Nigerian schemes promise delivery of a big payoff if the victim makes an advance payment or fee to secure the grant.

8.     Banking scams and tax frauds announce a problem with banking or tax records and demands personal information to correct the problem.

Of course, there are more schemes. Some emails offer jobs, vacations, stocks and more in exchange for personal information. And, many of these attacks include attachments containing malware and viruses.

How To Protect Against Them

A business’ best protection against phishing attacks takes two forms: The installation of state-of-the-art security on all business devices and repeated training up and down the organization.

1.     Banks, tax authorities and trusted agencies never ask for personal information online.

2.     Email addresses of a sender must correspond to a legitimate business domain name.

3.     Never click any unverified link. For example, there's no need to click-through an email message if the actual website is available.

4.     Optimize your system. For example, put some effort into white and black listing your incoming emails by your customizing the system’s filtering.

5.     Avoid URLs that begin with http:// rather than https://. Look for the lock icon in the URL line.

6.     Do not respond to emails demanding an “urgent” response. Call the source to verify their identity and proceed accordingly.

7.     Look for amateur work with poor language and spelling.

8.     Refuse to sign onto a site through Facebook or other social media access.

Cyber criminals are even sophisticated enough to attack certain days of the week at certain times of the day in certain seasons. No business has immunity. Phishers will target any organization. And, if the organizations are vulnerable, customers lose faith, costing damage to the business brand and reputation.

Tiffany Tucker, a systems engineer at Chelsea Technologies emphasizes that companies must keep a pulse on the current phishing strategies and confirm their security policies and solutions can eliminate threats as they evolve.

But, it’s also true that the phishers are more active and determined than their victims. They're at work identifying new targets and drawing up new schemes. As a result, it pays business owners to create a climate that invites employees to report even suspected scams.

FIRST
PREV
NEXT
LAST
Page(s):
[%= name %]
[%= createDate %]
[%= comment %]
Share this:
Please login to enter a comment:
 

Computing Now Blogs
Business Intelligence
by Keith Peterson
Cloud Computing
A Cloud Blog: by Irena Bojanova
The Clear Cloud: by STC Cloud Computing
Careers
Computing Careers: by Lori Cameron
Display Technologies
Enterprise Solutions
Enterprise Thinking: by Josh Greenbaum
Healthcare Technologies
The Doctor Is In: Dr. Keith W. Vrbicky
Heterogeneous Systems
Hot Topics
NealNotes: by Neal Leavitt
Industry Trends
Internet Of Things
Sensing IoT: by Irena Bojanova

 

RESET