Last year Irish businesses lost €4,000 on average to fraud. With the whole world now working online, it’s hardly surprising; home WiFi and out of office security are typically much easier for criminals to outsmart. Since remote working is here to stay we must ensure teams are trained to be aware of phishing attacks more than ever before.
So, what is phishing?
Phishing is a form of cyber-attack that targets individuals and attempts to obtain sensitive information or data, such as passwords and credit card information by posing as a legitimate institution. These could be banks, educational institutions and utility providers among others and can come in many forms. To help you and your colleagues stay ahead of cyber criminals, here are some of the most threatening types of phishing methods used today.
Email phishing
Of all the types of phishing, email is the most common as it provides a direct line to a business’s weakest line of defence: its employees. Here are some of the most common types of email phishing.
– Phishing
Your regular email posing as a legitimate entity, asking for some personal details, or attempting to have you click on a link and unleash some malware. The original and still the most common type of phishing attack.
– Spear Phishing
Similar to regular phishing except this email is more targeted and customised to bypass spam filters and be more believable. When a phishing email might just say “dear recipient” before making a half-hearted demand, a spear phishing email will reference say a particular job role or issue the recipient might be facing in order to show familiarity and trust.
– Whaling
A more developed form of spear phishing, this attack targets CEOs and senior execs. These highly targeted types of phishing attacks will use things like names, job titles, and other information typically gathered from social media accounts to trick their victims into handing over sensitive information.
Smishing and vishing
These types of phishing attacks take advantage of people’s phones. Smishing attacks blast out SMS messages that make similar demands to that of your typical phishing email. Vishing attacks will do this over a voice call. These are often performed by automated systems with fake robotic voices: easy to ignore. However, plenty of criminals will use their own voice where possible so you still need to remain on your toes.
Evil twin
Here a cyber criminal creates a Wi-Fi hotspot designed to look legitimate. When an unsuspecting user logs in, the criminal has access to their device, names, and passwords. This can often take place in coffee shops and other places with low security WiFi.
Watering hole phishing
Here criminals will identify a website a business visits frequently, typically something providing a business with services – hence the watering hole name. Criminals will then infect the site with malware and access the business’s sensitive information. This will sadly infect anyone who accesses this website – i.e., the legions of users that criminals have no interest in.
Knowing the types of phishing employed by cyber criminals can be the difference between suffering a life-changing attack and business as usual. So, educating your team on avoiding phishing attacks should be company policy, especially since remote work isn’t going anywhere. Click below to learn more about our cybersecurity training services and how to avoid phishing.
Next Blog: The Ransomware Attack Striking “Right to the Core” of the HSE
