Prepare your team for the next phishing threat by "schooling" them on these 5 types of attacks.
As most outdoors enthusiasts can tell you, there's a reason it's called fishing, and not catching.
Despite all your preparation and skill, that coveted fish can be hard to catch. The same goes for phishing, a cybercriminal tactic that involves email messages crafted to capture a person's or an organization's sensitive data. More and more, these sophisticated attacks are hard to catch.
They're also expensive. According to Datto, one phishing email has the power to cause downtime for your entire business, at an average cost of $53,987.
Your best defense as an organization is education. Prepare your team for the next phishing threat by "schooling" them on these 5 types of attacks.
5 Types of Phishing Attacks Your Users Should Educate Themselves On.
1. Mass Campaigns.
Wide-net phishing emails are sent to the masses from a knock-off corporate entity asking recipients to enter their credentials or credit card details. Attacks that rely on email spoofing appear as if a trusted sender sent them, but there are a few telltale signs to look for:
- Does the information given look legitimate? Look for things like misspellings or a sender email address that has the wrong domain.
- Review the message for any logos that look odd or fake.
- Ignore emails that have only an image and very little text.
2. Spear Phishing.
Spear phishing directly targets a specific organization or person with tailored phishing emails.
- Look out for internal requests that come from people in other departments or that seem out of the ordinary for the job function.
- Be wary of links to documents stored on shared drives like Google Suite, O365, and Dropbox because these can redirect to a fake, malicious website.
- Any documents that require a user login ID and password may be an attempt to steal credentials.
- Don’t click a link from an alleged known website. Instead, go to the browser, and go to the website yourself. This way, you can be sure you’re getting to the right website and not a phishing one.
3. Whaling.
Whaling refers to spear-phishing attacks directed specifically at senior executives and other high-profile targets in an attempt to gain access to company platforms or financial information.
- If a senior leadership member has never made contact before, be wary of taking the requested action.
- Make sure that any request that appears normal is sent to a work email address, not a personal one.
- If the request seems urgent, it might be costly if it is fake. Send a separate email/text or call the sender to verify the request. Better safe than sorry.
4. Clone Phishing.
The attacker copies a legitimate email message sent from a trusted organization and replaces a link that redirects to a malicious/fake website.
- Be wary of unexpected emails from a service provider, even one that might be part of everyday
- Look out for emails requesting personal information that the service provider never asked for. If you know the request is legitimate, it is best to go to the browser and enter the data directly on the website.
5. Pretexting.
Pretexting involves an attacker doing something via a non-email channel (e.g., voicemail) to set an expectation that they’ll be sending something seemingly legitimate shortly, only to send an email that contains malicious links.
Is your network infrastructure secure and stable? Just as importantly, are your users educated on identifying and avoiding a phishing attack? Schedule your visit with a Datamax Technology Specialist to learn more about Managed IT Services!