Phishing is a common problem for businesses and individuals these days. Using advanced fraudulent techniques, social engineering tactics and multi-layered deception, scammers have developed different phishing attacks that threaten the security of personal and corporate information.
When increasing theemail phishing protection of your account, it’s important to know which phishing attacks you might face, and how can you prevent them. Here are four common attacks you need to know
1. Deceptive Phishing
What is it: Deceptive phishing is among the most common phishing attacks there is. Generally, a cybercriminal would use social engineering tactics to imitate genuine email correspondence from a senior employee in a company, sent from a similar email domain. The aim is to trick an employee into handing over sensitive data, which they can use to extort money from the company.
What is it: Spear phishing is a more sophisticated attack directed at a victim. A criminal uses publicly available information from social media or a Google search to gather enough information about the victim that allows them to create an email which appears to be sent from a trusted friend or business. The aim is to steal the victim’s identity and use it for credit card fraud or blackmail.
How to prevent it: If you receive an email from a friend or company without cause or reason, it’s best to check with the sender directly via phone or text message to confirm the email is from them. Until you receive some confirmation, don’t open the email.
What is it: Whaling is a form of Spear phishing, directed at high-ranking executives, like a CEO or CFO. The main aim of this type of attack is to gain access to the executive's email account. If the criminal is successful, they can send out any financial or otherwise compromising requests to low-level employees.
How to prevent it: In most cases, whaling attacks start as urgent requests from a company executive using spoofing techniques. If these emails contain financial or data requests, it is best to carefully evaluate the email address and language used in the body text. Anti-spoofing software is also good phishing protection.
What is it: Phishing attacks are predominantly around email, but using other communication means is possible and can be combined with email. For instance, vishing is conducted over Voice over IP (VoIP) systems (such as Whatsapp or Facetime), in a way the caller ID is changed to make it seem as someone associated with the company is calling, for example, a business partner, supplier or bank. Then, they make a request either directly via the call or send an accompanying email to increase the legitimacy of their claim.
How to prevent it: Identifying vishing attacks is hard. However, you can always ask for an email if there is an urgent request over the phone. Keep in mind, most companies also don’t request any personal information over the phone, and would instead use email.
Our email security software tracks all inbound and outbound emails in real time and detects the most advanced threats even before they arrive in your inbox. Request a demo to see how our email security system can help you raise advanced email threats security to a whole new level at your company.