Phishing is nothing new, yet it remains one of the most effective forms of cyberattack. According to Verizon’s 2018 Data Breach Investigations Report, 98% of social attacks are phishing or pretexting (the creation of a false story to obtain information).
Phishing uses social engineering techniques to trick people into divulging confidential or sensitive information. Here are some of the common phishing techniques used by cybercriminals:
#1. Rogue emails
Email accounts for 96% of social attacks online. Cybercriminals create legitimate-looking emails that purport to be from large corporations and government agencies.
Let’s say your employees receive an email from “PayPal” saying that suspicious activity was detected on their accounts. The message states that, for alleged security reasons, PayPal has locked the account until the user provides enough personal information to prove they are its rightful owner.
The included link might ask them to provide their mother's maiden name, number of children, credit card details, billing address, and so on.
Most users won’t suspect anything at this point, as the link leads to a spoof of a legitimate corporation's website. Once they have gained control of the account, cybercriminals can use the stolen user details for identity theft, account takeover, or other malicious activities.
#2. Vishing
Short for “voice phishing,” vishing is the use of a telephone system to pose as a legitimate company and manipulate users into giving out their personal information. Cybercriminals may also change the caller ID information and the area code they’re calling from to make the scam look even more legitimate.
Vishing can be conducted by email, Voice over Internet Protocol (VoIP), landline, or cellular phones. For instance, your employees might unknowingly click on a malicious link that tells them their computer has been locked up. They are then prompted to immediately dial a number to get a "technician" to fix it. This would require your company to spend money to remediate the problem. But of course, it was all a scam and the “technician” was only looking to steal confidential information from the victim.
#3. Smishing
People are increasingly using their mobile devices to access the internet today, and cybercriminals are taking advantage of that trend to trick unsuspecting people into handing out their data. This is where SMS phishing, or simply smishing, comes in.
As with other tactics, scammers may send out a bulk text message claiming that your credit card has been deactivated due to suspicious activities. You might then be prompted to open a link that will ask for your sensitive information. Because of the threat, you might hand out your information without thinking twice.
How to stay protected
Let's take a look at some of the steps you can take to protect your business from phishing attacks.
#1. Train your employees
Educate your employees in spotting common phishing techniques. In particular, phishing emails commonly have poor grammar and usually contain nonsensical requests to verify a certain account.
The email body may also contain legitimate-looking links. However, when you hover the mouse over the link, the destination shown will likely be somewhere else, and not the spoofed company’s real website.
#2. Use multifactor authentication (MFA)
Phishing usually involves hackers acquiring a victim’s password, so setting up MFA can significantly help mitigate attacks. MFA uses more than one method to verify a user’s identity, such as a fingerprint scan or a one-time code sent to their smartphone.
MFA acts as a secondary lock, so even if criminals get a hold of your password, they will not be able to access your account.
#3. Think twice before opening emails and clicking on links
If an email comes from a source you don’t recognize, delete the message immediately. This prevents you from clicking on rogue links, downloading malware-infected files, and opening attachments that may seriously harm your PCs. Only open emails that you are expecting and whose contents you already know.
Cybercriminals are hungry for your data, so it’s important to prevent them from hacking your system. USWired’s Email and Spam Protection solution protects your organization from email-borne threats and encrypts sensitive files so they can’t be viewed by anyone outside your organization. Interested? Drop us a line to know more.