We were passionate about staying up on tech and cybersecurity trends before COVID, but now we’re downright obsessed. And we’re here to share what we learn to help keep you cybersecurity savvy and safe.
Did you know?
- The first phishing campaign was documented in 1987!
- Phishing is now carried out via text, phone, advertising, and email
- The biggest targets are the employees of small businesses
- Ongoing security awareness training can help reduce breaches by nearly 70%
Check out the 11 ways you could be phished and please alert us if you see an uptick in any suspicious email activity or need training for your staff.
- Standard Phishing – Casting a Wide Net
This is what we think of first when we hear “phishing” – the attempt to steal valuable info by fronting as an authorized organization or person. These emails get sent to a wide audience, hoping someone will be fooled and provide valuable info.
- Malware Phishing – Beware the Macros
Malicious attachments are known as “macros.” This type of phishing comes via email as well but includes a macro (malicious attachment or link) that, when downloaded or clicked, will infect the machine with malware.
- Spear Phishing – Catching the Big One
This tactic involves heavy research and targeting of a high-dollar target like a CEO, Founder, or Public Figure and uses publicly available information to mislead that individual.
- SMS + Phishing = Smishing – Just Don’t Click!
This is one of the most popular phishing tactics in use now, thanks to an open rate of 98% (versus 20% for email). If you get a text from an unknown number with an unusual link, do not click!
- Search Engine Phishing – Careful What You Choose
Cyber criminals are waiting for you to come to them via your search engine. They’ll pay for ads linked to fraudulent sites and use popular search terms to inject them into your results. Beware of links that promise too-good-to-be-true deals or opportunities.
- Vishing – Keeping You On the Line
Have you ever received a call or voicemail that sounded robotic, posing as a reputable organization, asking you for personal information? This is vishing. While these calls can be easily avoided by hanging up, they’re getting harder to catch as technology advances.
- Pharming – Poisoning the Waterhole
Also known as DNS (domain name system) poisoning, this is a sophisticated form of phishing that involves rerouting your business’s website traffic to a fake page that often seeks to collect valuable or sensitive information.
- Clone Phishing
If you have a weak email password without two-factor authentication, this may happen to you. This type of phishing, which bets on weak passwords, is when an attacker “breaks in” to an account, clones a normal email, swaps out the original link, attachment, or other element for a malicious one, and sends it out from your account.
- Man-in-the-Middle – The Public WiFi Phisherman
This type of attack is done by creating a phony public WiFi network, waiting for people to join it, then eavesdropping on correspondence to steal credentials or other sensitive info. If you’re on an unfamiliar network, turn off file sharing and do not share sensitive info!
- Business Email Compromise (BEC): Don’t Make the Payment!
One of the most common and expensive threats, this phony email will claim to be an urgent request for a payment or purchase from a fake account posing as someone within or associated with your company. Of the $3.5 billion the FBI estimates businesses lost to cybercrime in 2019, about $1.7 billion was lost to BEC!
- Malvertising – That Ad Isn’t What You Think It Is
This type of phishing embeds malicious code into normal-looking ads in the normal places you’d see them. If you click on malvertising, it will likely redirect you in a split second to a site intended to inject malware into your browser, commanding it to begin encrypting files that can then be held for ransom.
Contact us for training on how to avoid falling prey to any of the above phishing tactics!