TGIF! Just as you are about to wrap up for the day, your boss tweets you to ask why an urgent payment wasn’t sent earlier in the week. A business meeting has him tied up, so he needs you to send payment to a specific vendor immediately and email him a confirmation. Keeping your weekend plans in mind, you transfer the cash and email your boss. Your going above and beyond is much appreciated. As soon as Monday rolls around, you are called into an emergency meeting. The company has lost $278,000.
Cybercriminals are aware of one simple fact: human beings are vulnerable. More often than not, malicious actors prey on companies’ human resources divisions, often using psychological manipulation techniques to get employees to send money, provide access, or reveal sensitive information.
In a #phishing attack, the attacker gathers sensitive information, typically usernames, passwords, credit card numbers, bank account numbers, or another important piece of information, which is then used or sold. Like a fisherman using bait to catch a fish, the attacker lures in the victim by posing as a reputable source with a tempting request.
Phishing is commonly used to support other malicious actions, such as on-path attacks and cross-site scripting attacks. Attacks of this kind are typically conducted via email or instant messaging, and several general categories can be identified. To spot phishing attacks in the wild, get to know a few of these attack vectors.
1) Email Phishing
Possibly the most common method of phishing, "spray and pray" involves hackers impersonating legitimate identities or organisations and sending emails to as many recipients as they can gather. Emails of this type often convey an urgent message, telling the recipient that their personal information has been compromised and that they must act now. A malicious link takes the victim to a fake login page, where the attacker wants the victim to perform a specific action. Whatever credentials the victim enters there are passed directly to the scammers, who thereby obtain the victim’s personal information.
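The signs described above (an unfamiliar sender, urgent wording, a link that leads somewhere other than the sender's own site) can be checked mechanically. The following is an added example, not part of the original post; the sample message, the urgency word list and the `trusted_domains` set are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: "Example Bank Security" <alerts@examp1e-bank.test>
To: user@corp.test
Subject: Urgent: your account has been compromised
Content-Type: text/plain

Your personal information has been compromised. Act now and verify your
password immediately: http://login.example-bank.test.verify-session.test/signin
"""

# Assumed word list for the "act now" tone; tune it to your own mail.
URGENCY = re.compile(r"\b(urgent|immediately|act now|compromised|suspended)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def registrable(host):
    """Naive last-two-labels domain; real code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw, trusted_domains):
    """Return a list of reasons why the message deserves a second look."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = registrable(addr.rpartition("@")[2])
    body = msg.get_payload()  # the sample is single-part text/plain
    reasons = []
    if sender_domain not in trusted_domains:
        reasons.append(f"sender domain {sender_domain} is not a known contact")
    hits = {m.lower() for m in URGENCY.findall(msg.get("Subject", "") + " " + body)}
    if hits:
        reasons.append("urgent wording: " + ", ".join(sorted(hits)))
    for url in URL.findall(body):
        host = urlparse(url).hostname or ""
        if registrable(host) != sender_domain:
            reasons.append(f"link host {host} does not belong to {sender_domain}")
    return reasons

if __name__ == "__main__":
    for reason in triage(SAMPLE, trusted_domains={"example-bank.test"}):
        print("-", reason)
```

The sample trips all three checks: the sender uses a look-alike domain (`examp1e-bank.test`), the text pushes for immediate action, and the link's real host is `verify-session.test` even though it begins with the bank's name.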
2) Spear Phishing
#Spear phishing involves sending malicious emails to specific recipients within an organisation rather than mass emailing thousands of people, as described above. The fraudulent email will often be more personal, in order to make the victim believe there is a relationship between them and the sender.
3) Smishing
As opposed to email, #smishing uses text messages. The same principles apply in text-based phishing attacks: attackers send texts that look like they come from reputable sources (such as trustworthy businesses) but are in fact malicious. It’s common for marketing links to masquerade as coupon codes (50% off your next purchase!), or they might offer opportunities to win something, such as concert tickets.
Many phishing emails will not make it to your inbox thanks to spam filters. However, there are always scammers out there who try to outsmart spam filters, so adding extra layers of protection is a good idea. You can safeguard yourself against phishing attacks today by following these tips.
1) Use security software, e.g. security information and event management (SIEM), to protect your computer. Automatic updates will keep it protected against new threats. (You can read more about security software in the previous post “How to Protect Your Network With Ease?” or at https://zpiral.io/siem-best-cybersecurity-protection/)
2) Use multi-factor authentication to secure your accounts. Requiring two or more credentials to log in to your account provides additional security. An example of multi-factor authentication is the use of a second factor, such as a mobile phone.
3) Take a backup of your data.
Be sure to make a backup of your data, and don’t keep the backup connected to your home network. A cloud storage service or an external hard drive are options for storing copies of your computer files. Ensure that the data on your phone is backed up as well.
#Phishing #CyberSecurity #SIEM #Protection