6 Common Phishing Attacks and How to Prevent Them

According to recent data, four out of every ten small to mid-sized Canadian businesses have been victimized by some form of phishing attack. Even more startling is that although phishing scams target and exploit employees directly, few organizations know how to a) identify them or b) protect their staff against these extremely harmful, yet frequent threats. 

Here’s what you need to know:

1. Deceptive Phishing

The most common form of phishing scam, deceptive phishing is an email-based attack in which cybercriminals impersonate a legitimate, recognized organization (e.g. Microsoft, Amazon, a financial or government institution, etc.). From there, scammers attempt to collect personal data, including login credentials, financial information and more.

What to Look For: 

  • Emails from a seemingly reputable company 
  • Re-directs to unknown or suspicious websites 

Prevention: 

  • Advise employees to inspect URLs and re-directs carefully 
  • Watch for unusual or generic opening greetings, poor grammar and spelling errors

2. Spear Phishing

Unlike deceptive phishing, spear phishing scams tend to be more personalized. These types of attacks are common on social media sites and generally rely on personal details (e.g. first name, title, company name, work phone number, etc.) to victimize potential targets. Here again, cybercriminals will attempt to collect personal data from the victim.

What to Look For: 

  • Common to social media sites
  • Email from a seemingly reputable sender using personalized information 

Prevention: 

3. CEO Fraud

CEO fraud (sometimes referred to as “whaling”) is a form of spear phishing attack that exclusively targets business CEOs and executives, in order to steal their personal information. By compromising the business owner’s email account, hackers aim to authorize and send fraudulent money transfers or gain access to employee information (with an agenda to file fraudulent employee tax returns or sell their data on the dark web). 

What to Look For: 

  • CEO or high-ranking executives as targets 
  • Display name impersonations 
  • Domain impersonation 
  • Requests for financial action 

Prevention: 

  • Ensure cybersecurity training for all company executives
  • Establish multi-factor authentication for all business-based financial transactions 
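
The indicators listed above for CEO fraud (display name impersonation, domain impersonation, requests for financial action) can be checked mechanically on inbound mail. The following Python code is an added example, not part of the original post; the executive name, the domain `example.com`, the keyword list and the edit-distance threshold of 2 are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed organisation data (hypothetical name, address and domain).
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
FINANCE_TERMS = re.compile(
    r"\b(wire transfer|payment|invoice|gift cards?|bank details)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (lookalike) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def ceo_fraud_signals(raw_message):
    """Return the CEO-fraud indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    name = " ".join(name.lower().split())
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    signals = []
    # An executive's display name paired with an address that is not theirs.
    if name in EXECUTIVES and addr != EXECUTIVES[name]:
        signals.append("display-name impersonation")
    # A sender domain that is close to, but not, the organisation's domain.
    if domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        signals.append("domain impersonation")
    # A request for a financial action in the subject or body.
    text = msg.get("Subject", "") + "\n" + str(msg.get_payload())
    if FINANCE_TERMS.search(text):
        signals.append("financial request")
    return signals

# Constructed sample messages (not real mail).
SPOOFED = ("From: Jane Doe <jane.doe@examp1e.com>\nSubject: Urgent\n\n"
           "Please send a wire transfer today.\n")
LEGIT = ("From: Jane Doe <jane.doe@example.com>\nSubject: Lunch\n\n"
         "See you at noon.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, ceo_fraud_signals(raw))
```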

4. Vishing

Phishing attacks aren’t just limited to social media and email communication. In the case of vishing attacks, phishers will attempt to steal personal information or funds by masquerading as various organizations via phone (the Canada Revenue Agency, for example). 

What to Look For: 

  • Targets are contacted by phone 
  • Attackers mimic reputable institutions/organizations in order to extract personal info or funds

Prevention: 

  • Avoid answering unknown numbers 
  • Never give personal information over the phone 
  • Verify the organization/institution by calling them back on a known (official) number

5. Smishing

Text messages are yet another form of phone-based communication attackers may use to target their victims. Text-based phishing, or “smishing,” employs the use of texts to lure users into clicking on malicious links and/or sharing their personal data (once again, by posing as a seemingly valid organization or institution). 

What to Look For: 

  • Suspicious text messages 
  • Recognizable institution or organization attempting to collect personal data or funds via text
  • Re-directs to suspicious sites or landing pages 

Prevention: 

  • Investigate suspicious numbers 
  • Verify the organization/institution by calling them back on a known (official) number

6. Pharming

A more sophisticated form of phishing attack, pharming uses cache poisoning to target DNS servers and change the IP addresses that site names resolve to. Users are then redirected to malicious sites chosen by the attackers, even when they entered the correct site name to begin with.

What to Look For: 

  • Re-directs to suspicious sites or landing pages 

Prevention: 

  • Rely on HTTPS (encrypted) sites only 
  • Keep anti-virus and security upgrades up to date 

Sources: Tripwire 

Posted by Adrian Ghira on Mar 12, 2020 6:46:13 PM
