How to Spot a Phishing Attack
While 76% of organisations stated they received phishing attempts in 2017, over half of these businesses (53%) reported being impacted by them (Gov.uk).
Phishing is one of the biggest threats to an organisation, but do you know what to they are, what they look like, or what they can mean for your company?
Fundamentally, phishing is someone posing as a trustworthy source with the intention of gaining information to hack your computer. This could be through a reply with personal information, like a password, or a by getting you to click on a link which will install a virus or malware onto your system which can steal information.
Phishing usually takes the form of mass emails, which while they may feel personal in nature, are sent out to thousands of people. These do not have to just be emails anymore however, criminals are using other forms of communication to create attacks.
Here are the most common forms of phishing and some tips to help you spot these attacks:
With poor grammar and spelling, these messages are intended to scare you into quick action. Your account has been compromised, a payment is required, or your card has been suspected of fraudulent activity are just some of the tactics criminals will use to lure you into their trap.
The emails will require you to take action. This can include clicking on a link or an attachment to open (often a .zip file). Completing one of these actions can lead to malware being installed on your computer or information being gathered from you inputting passwords and access details to accounts.
These emails may look official, with the use of logos and legal wording at the bottom, but you can spot these sinister emails. If it is not addressed to you personally, contains a suspicious attachment or link, or is sent from an email address that does not look right, it is probably a phishing scam.
This type of attack is one of the more sophisticated types of phishing emails. Spear phishing will target a specific person with malicious emails to look more legitimate. The information they could have includes your name, your place of work, your job title, your email address, or even specific information about your job.
Remember how easy it is to find this information out nowadays, either via social media, or even your company’s website. Being aware of the information they are asking you for can help you to distinguish these emails from genuine business emails, although they will tend to still include links and attachments.
While Spear phishing can personal target anyone in a company, Whaling is even more targeted. While the ultimate goal of this type of attack is to gain personal information, Whaling will target senior executives.
The content of these emails is also subtler. Instead of asking them to follow a link, they will be asking for a response via reply or documents to be scanned. Tax returns and information have become a popular target for this type of attack due to the sensitive information they contain.
Smishing and Vishing
Emails are not the only form of attack to gain personal information. Telephone calls and text messages are also being used. Smishing (SMS Phishing) involves the same content as an email phishing attack, and vishing (Voice Phishing) will involve a physical call.
Criminals will use the same scare tactics on vishing calls, asking you to confirm personal information like bank card details to verify your identity, or even asking you to make a payment to rectify the issues - this will be to the criminal’s bank accounts, however.
The Last Line of Attack
While technology has developed to create spam filters, sort junk, and block known attacks, malicious emails can still get through. Your employees are the last line of attack. Their ability to detect fraudulent emails take the appropriate action is imperative.
Education is the most powerful weapon, and here at Xenace, we have developed a unique training tool, Phishwise, to help not only assess your company’s ability to recognise fraudulent emails but to also continue to educate them. Get in Touch TODAY to find out more about Phishwise and how we can help protect your business from Phishing attacks.