Phishing is a common tactic used to trick people into disclosing important information or downloading malware, attackers will send emails, or other forms of messages that appear to be from a reputable source, with the intent to steal or use that person’s information.
Unfortunately, phishing attacks are the most common attacks by hackers. As technical security becomes more and more advanced, turning to human error has become the weapon of choice for many malicious actors over the past few years. According to Kaspersky, the final tally for Phishing attacks in 2022 was expected to reach over 500 million. Those are just the successful attacks as 3 billion phishing emails are sent out daily. Add to that the increase to 255 million Smishing (i.e. text-based phishing attacks), in only 6 months of 2021 alone, and Vishing (which involves a person getting on the phone with their attacker to give them personal and/or financial information or payments), in which 1 in 3 Americans have fallen victim to, and the average person must be very, very careful with sharing their information.
Using usernames, passwords, credit card numbers, or social security numbers as bait, phishing attacks attempt to convince their target to divulge sensitive information. Attackers can then use this information against your organization to steal sensitive data, money, or even commit identity theft, thus putting your whole company and its assets at risk.
A few examples of what a phishing email may look like are below.
Here is one with a few notes on what to look for:
Here is a another, see if you can spot the area you should be wary of:
Or the fake 2-factor code you didn’t request:
Or the Smishing Attack:
Generally, social engineering tactics are used to create panic or a sense of urgency to trick you into giving out valuable information. They will do this by providing an email or text that looks to be real, however, it is quite the opposite. Once you have provided that information to a malicious user it’s already too late. The best way to protect your organization against these attacks is to train employees about the dangers of phishing and educate them about what they should look out for.
Additionally, a targeted form of phishing, known as Spear Phishing, is a method that fixates on specific individuals or groups within an organization using emails, social media, instant messaging, and other platforms to get people to divulge personal information or perform actions that cause network compromise, data loss, or financial loss. Typically, phishing relies on a mass email approach to random individuals, spear phishing focuses on specific targets by using individualized research.
Spear phishing attacks traditionally involve an email and attachment or a text with a request and/or a link to a malicious website. The email or text will include specific information aimed at the target, such as the target's name, email address, place of employment, and title or job role at the organization (with Whaling attacks aimed at senior executives). This social engineering tactic boosts the chances that the victim will carry out all the actions necessary for infection, including opening the email and the included attachment or the link.
How Can CyberSolve Help?
At CyberSolve we strive to ensure that not only your technology, but your employees themselves are safe from divulging information over to malicious attackers, and we have assessments to identify the risk and remediation methods to manage and/or eliminate the risk.