February 1, 2022

Microsoft 365 Security

How Phishing is Wreaking Havoc on Companies

Table of Contents
Heading 2 Example
Heading 3 Example
Heading 4 Example
Heading 2 Example
Heading 3 Example
Heading 4 Example

Phishing is one of the most common, most dangerous types of cybercrime. Regardless of how much we’ve been warned about it how prepared we think we are, people still fall victim to scam emails and phishing email.

Action Fraud receives more than 400,000 reports of phishing emails each year, and according to Mimecast’s State of Email Security 2020, 58% of organizations saw phishing attacks increase in the past 12 months.

Practically one of the easiest forms of cyberattack for offenders to carry out, phishing is one of the easiest to fall for. It's also one that can furnish everything a hacker needs to ransack their targets' personal and work accounts.

Usually shifted over fake emails, a phishing attack attempts to trick the target into doing what the hacker wants. That may include handing over passwords to make it easier to hack a company, or even altering bank credentials so that payments go to criminals instead of the correct account.


The Various Types of Phishing Attacks

Since being first described in 1987, phishing has evolved into a number of branches. As digital technologies go on to progress, this attack continues to find new ways to exploit vulnerabilities in systems. Here are 11 of the most extensive types of phishing attack methods:

 

Do you know? 43% of breaches take place at small business 

Go Passwordless! The future is here for your Microsoft account, and it no longer requires a password! No more worrying about a breach happening to your business. This Free Inforgraphic will list everything that is potentially at risk and how to protect it. 


Standard Email Phishing

This is the most widely known form of phishing. This attack is an attempt to fish out sensitive information through an email that appears to be from a legitimate company. It is not a targeted attack and can be conducted amongst masses.


Malware Phishing 

Utilizing the same techniques as email phishing, this attack ensures that targets click on a link or download an attachment so malware can be installed on the device being used. It is right now, the most pervasive form of phishing attack.


Spear Phishing

Where most phishing attacks cast a wide net, spear phishing is a highly-targeted, well-researched attack generally focused at business executives, a financial institution, public personas and other lucrative targets.


Smishing

SMS-enabled phishing delivers malicious short links to smartphone users, often disguised as account notices,  official email, prize notifications and political email messages.

 

Search Engine Phishing

In this type of attack, cyber criminals set up fraudulent websites designed to collect personal information and direct payments on secure websites. These sites can show up in organic search results or as paid advertisements for popular search terms.

 

Vishing 

Vishing, or voice phishing, involves a malicious caller purporting to be from tech support, a government agency or other organization and trying to extract personal information, such as banking or credit card information, leading to credit card fraud.

 

Pharming

Also known as DNS poisoning, pharming is a technically sophisticated form of phishing involving the internet’s domain name system (DNS). Pharming reroutes legitimate web traffic to a spoofed page without the user’s knowledge, often to steal valuable information in fraudulent attempts.

 

Clone Phishing

In this type of attack, a shady actor compromises a person’s email account, makes changes to an existing, actual email by swapping a legitimate suspicious link, attachment or other element with a malicious one, and sends it to the person’s contacts to spread the infection.

 

Man-in-the-Middle Attack 

A man-in-the-middle attack involves an eavesdropper monitoring correspondence between two unsuspecting parties. These attacks are often carried out by creating phony public WiFi networks at coffee shops, shopping malls and other public locations. Once joined, the man in the middle can phish for info or push installation of malware onto devices.

 

Business Email Compromise

Business email compromise involves a phony email appearing to be from someone in or associated with the target’s company requesting urgent action, whether wiring money or purchasing gift cards. This approach is estimated to have caused nearly half of all cybercrime-related business losses in the year 2019.


Malvertising 

This type of phishing utilizes digital ad software to publish otherwise normal looking ads with malicious code implanted within.

You can find out more on how to Prevent Ransomware Attack Using Microsoft Security Solutions on this blog.


How Can You Spot the Scam?

Make no mistake, these attacks can be pretty cunning. Evidently, these types of phishing exist because they work. Scammers launch thousands of phishing attacks every day and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year. Here are a few pointers for you to identify an email that is actually a scam:

  • The email is never addressed to the recipient. If the recipient is truly being reached out to, they would know the recipient’s name. "Dear Customer" isn’t an identifier.
  • Grammatical errors: Words capitalized without proper grammatical use or too much punctuation is also a factor but since most people scan emails quickly, grammatical errors that are this small usually don’t get noticed in the browser window.
  • They try to reassure recipients by encouraging them to confirm the email is from who they’re posing as by providing a link of some sort in the email.
  • The emails may say they’ve noticed some suspicious activity or log-in attempts.
  • Emails might claim there’s a problem with your account or your payment information.
  • They may say you must confirm personal information.
  • They can easily include a fake invoice.
  • These emails would want you to click on a link to make a payment.
  • Suggest you’re eligible to register for a government refund or offer a coupon for free stuff.

Seeing any one of these flaws is enough to tell you the email is a phishing attempt – but what if these errors aren’t there at all? 

A smarter fraudster could have corrected these mistakes, including knowing the recipient’s name and email address, and masking their URL in a much more convincing way. If they'd done a better job, there would have been nothing alarming in the message. But it would still be a fake.

Steps to Protect Yourself from Phishing

Microsoft 365 is providing different Security features to protect the customer and their data from such sort of attacks but here we will talk about the baseline, which anyone can follow.

Let’s get right into the precautions.

1. Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.

2. Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.

3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:

  • Something you have — like a passcode you get via text message or an authentication app.
  • Something you are — like a scan of your fingerprint, your retina, or your face.

Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.

4. Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.


How to Report Phishing

If you got a phishing email or text message, report it. The information you give can help fight the hackers.

Step 1. If you got a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org. If you got a phishing text message, forward it to SPAM (7726).

Step 2. Report the phishing attack to the FTC at ftc.gov/complaint.


How Communication Square Can Help You Fight Phishing Attacks

There are a number of technological approaches to go up against phishing attacks. Certain software’s send test phishing emails to corporate employees which then provide solutions to the security leadership. Communication Square can help you combat Phishing Email by setting up Microsoft’s unbeatable Intune Security Solution. All you need to do to get in touch with us is book a cloud strategy call today!

(Last Updated On: February 1, 2022)

Last Updated 4 months ago

About the Author

Rijah is a professional Marketing Executive & content specialist. You may know her from her greatest hits like, "No, I can't just make it go viral." or "No, you can't have everybody as your audience." and "Yes, you're absolutely going to need a copywriter!"

Rijah Naseem

Share0
Tweet0
Share0
Author Image

Communication Square

May 25, 2021

5 Ways a Cybersecurity Service Benefits Your Business
Author Image

Communication Square

May 24, 2021

6 Ways You Make Use of Microsoft 365 to Increase Security of Your Business
Author Image

Awais Khalid

April 6, 2021

Security Features in Microsoft 365
{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
>

Get Real-Time Protection with Intune!

Get Started