According to recent data, four out of every ten small to mid-sized Canadian businesses have been victimized by some form of phishing attack. Even more startling is that although phishing scams target and exploit employees directly, few organizations know how to (a) identify them or (b) protect their staff against these extremely harmful yet frequent threats.
Here’s what you need to know:
1. Deceptive Phishing
The most common form of phishing scam, deceptive phishing is an email-based attack in which cybercriminals impersonate a legitimate, recognized organization (e.g. Microsoft, Amazon, a financial or government institution, etc.). From here, scammers attempt to collect personal data, including login credentials, financial information and more.
What to Look For:
Prevention:
2. Spear Phishing
Unlike deceptive phishing, spear phishing scams tend to be more personalized. These types of attacks are common on social media sites and generally rely on personal details (e.g. first name, title, company name, work phone number, etc.) to victimize potential targets. Here again, cybercriminals will attempt to collect personal data from the victim.
What to Look For:
Prevention:
3. CEO Fraud
CEO fraud (sometimes referred to as “whaling”) is a form of spear phishing attack that exclusively targets business CEOs and executives in order to steal their personal information. By compromising the business owner’s email account, hackers aim to authorize and send fraudulent money transfers or gain access to employee information (with an agenda to file fraudulent employee tax returns or sell the data on the dark web).
What to Look For:
Prevention:
4. Vishing
Phishing attacks aren’t limited to social media and email communication. In the case of vishing attacks, phishers will attempt to steal personal information or funds by masquerading as various organizations over the phone (the Canada Revenue Agency, for example).
What to Look For:
Prevention:
5. Smishing
Text messages are yet another form of phone-based communication attackers may use to target their victims. Text-based phishing, or “smishing,” uses texts to lure users into clicking on malicious links and/or sharing their personal data (once again, by posing as a seemingly valid organization or institution).
What to Look For:
Prevention:
6. Pharming
A more sophisticated form of phishing attack, pharming uses cache poisoning to target DNS servers and change the IP addresses they return. Users are then redirected to malicious sites chosen by the attackers, even when they enter the correct site name to begin with.
What to Look For:
Prevention:
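As an added example (not from the original article or its source), the Python sketch below checks logged DNS answers against a baseline of networks each domain is expected to resolve into, which is one way to notice the redirection that pharming causes. The domain names, address ranges and the `check_answers` helper are constructed for illustration.

```python
import ipaddress

# Constructed baseline (assumption): networks each monitored domain
# is expected to resolve into, e.g. taken from the provider's documentation.
EXPECTED = {
    "bank.example": ["203.0.113.0/24"],
    "mail.example": ["198.51.100.0/25"],
}

# Constructed sample of answers logged from the local resolver: (domain, answer).
SAMPLE_ANSWERS = [
    ("bank.example", "203.0.113.10"),     # inside baseline
    ("BANK.example.", "192.0.2.66"),      # correct name, unexpected address
    ("mail.example", "198.51.100.20"),    # inside baseline
    ("mail.example", "198.51.100.200"),   # same /24, but outside the /25
    ("news.example", "192.0.2.5"),        # no baseline, so not judged
    ("bank.example", "not-an-ip"),        # malformed record
]


def check_answers(answers, expected):
    """Return (domain, answer, reason) for answers outside the baseline."""
    findings = []
    for domain, ip_text in answers:
        # DNS names are case-insensitive and may carry a trailing dot.
        name = domain.lower().rstrip(".")
        nets = expected.get(name)
        if nets is None:
            continue  # unmonitored domain
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((name, ip_text, "malformed answer"))
            continue
        if not any(ip in ipaddress.ip_network(n) for n in nets):
            findings.append((name, ip_text, "outside expected networks"))
    return findings


if __name__ == "__main__":
    for finding in check_answers(SAMPLE_ANSWERS, EXPECTED):
        print(finding)
```

A finding is a prompt to investigate rather than proof of poisoning, since providers do change their address ranges.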
Sources: Tripwire