Phishing is one of the most common, most dangerous types of cybercrime. Regardless of how much we’ve been warned about it how prepared we think we are, people still fall victim to scam emails and phishing email.
Action Fraud receives more than 400,000 reports of phishing emails each year, and according to Mimecast’s State of Email Security 2020, 58% of organizations saw phishing attacks increase in the past 12 months.
Practically one of the easiest forms of cyberattack for offenders to carry out, phishing is one of the easiest to fall for. It's also one that can furnish everything a hacker needs to ransack their targets' personal and work accounts.
Do you know? 43% of breaches take place at small business It Happens quickly. All it takes is one person to accidentally share sensitive information to someone outside the company.
With Microsoft 365, you have full control over who has access to your data. You can encrypt sensitive emails to communicate securely with customers and apply restrictions so that documents cannot be forwarded or copied. This FREE Infographic lists everything that is potentially at risk and how to protect it.
Usually shifted over email, a phishing attack attempts to trick the target into doing what the hacker wants. That may include handing over passwords to make it easier to hack a company, or even altering bank credentials so that payments go to criminals instead of the correct account.
Since being first described in 1987, phishing has evolved into a number of branches. As digital technologies go on to progress, this attack continues to find new ways to exploit vulnerabilities in systems. Here are 11 of the most extensive types of phishing:
This is the most widely known form of phishing. This attack is an attempt to fish out sensitive information through an email that appears to be from a legitimate company. It is not a targeted attack and can be conducted amongst masses.
Utilizing the same techniques as email phishing, this attack ensures that targets click on a link or download an attachment so malware can be installed on the device being used. It is right now, the most pervasive form of phishing attack.
Where most phishing attacks cast a wide net, spear phishing is a highly-targeted, deeply-researched attack generally focused at business executives, public personas and other targets.
Message-enabled phishing delivers malicious short links to smartphone users, normally disguised as account notices, prize notifications and political messages.
In this type of attack, cyber criminals set up fake websites put together to collect personal information and direct payments. These sites can show up in organic search results or even as paid advertisements for popular search terms.
Vishing, or voice phishing, involves a malicious caller purporting to be from tech support, a government agency or other organization and trying to extract personal information, such as banking or credit card information. This has been happening on a large scale lately.
Also known as DNS poisoning, pharming is a technically sophisticated form of phishing involving the internet’s DNS. Pharming reroutes organic web traffic to a spoofed page without the user’s knowledge, often to steal valuable information.
In Clone Phishing, a shady actor compromises a person’s email account, makes changes to an existing email by swapping a authorized link, attachment or other element with a malicious one, and sends it to the person’s contacts to spread the infection.
A man-in-the-middle attack involves an eavesdropper monitoring correspondence between two unsuspecting parties. These attacks are often carried out by creating phony public WiFi networks at coffee shops, shopping malls and other public locations. Once joined, the man in the middle can phish for info or push malware onto devices. Scary now, isn't it?
Business email compromise involves a phony email appearing to be from someone in or associated with the target’s company requesting urgent action, whether wiring money or purchasing gift cards. This approach is estimated to have caused nearly half of all cybercrime-related business losses in the year 2019.
This type of phishing utilizes digital ad software to publish otherwise normal looking ads with malicious code implanted within.
You can find out more on how to Prevent Ransomware Attack Using Microsoft Security Solutions on this blog.
Make no mistake, these attacks can be pretty cunning. Evidently, these types of phishing exist because they work. Scammers launch thousands of phishing attacks every day and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year. Here are a few pointers for you to identify an email that is actually a scam:
Seeing any one of these flaws is enough to tell you the email is a phishing attempt – but what if these errors aren’t there at all?
A smarter fraudster could have corrected these mistakes, including knowing the recipient’s name and email address, and masking their URL in a much more convincing way. If they'd done a better job, there would have been nothing alarming in the message. But it would still be a fake.
Microsoft 365 is providing different Security features to protect the customer and their data from such sort of attacks but here we will talk about the baseline, which anyone can follow.
Let’s get right into the precautions.
1. Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.
2. Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:
Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
4. Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.
If you got a phishing email or text message, report it. The information you give can help fight the hackers.
Step 1. If you got a phishing email, forward it to the Anti-Phishing Working Group at email@example.com. If you got a phishing text message, forward it to SPAM (7726).
Step 2. Report the phishing attack to the FTC at ftc.gov/complaint.
How Communication Square Can Help You Fight Phishing Attacks
There are a number of technological approaches to go up against phishing attacks. Certain software’s send test phishing emails to corporate employees which then provide solutions to the security leadership. Communication Square can help you combat Phishing Email by setting up Microsoft’s unbeatable Intune Security Solution. All you need to do to get in touch with us is book a cloud strategy call today!
Last Updated 4 weeks ago