The Evolving Sophistication of Phishing Attacks
Phishing attacks, which aim to steal personal information and credentials, have been around since the late 1990s and they continue to be effective today. What’s more, they are evolving in order to stay up-to-date with changing technology and user habits. Below are some tips that will help you spot an attack before it’s too late.
The Phish - what it looks like
Cyber criminals often claim to be a representative of a financial institution or other organization, and these days they’re increasingly well-versed in psychology. Phishing messages typically trigger fear and urgency; for example, by claiming that you need to take action immediately because your account is overdue. It doesn’t matter if it’s subtle or overt—the intent is always to make you react quickly, without thinking through whether it makes sense or not.
Some phishing emails come with attachments, which can take over your computer if you open them. These malicious attachments often come in Microsoft Word files or PDFs—so users may be tempted to download and open them. It’s no surprise that many people ignore unsolicited messages, but that’s exactly what cyber criminals are counting on. You should never respond to a message like this, no matter how real it looks; instead, delete it immediately.
These emails prompt users to fill in sensitive information
The email is written in perfect English, signed off with a name that appears to be one of your contacts, and includes a reasonable request. The email may have an attached Excel file, Word document, or PDF; clicking on it will prompt you to fill in sensitive information. If you are not sure who sent it or whether what they are asking is legitimate, please contact your network administrator before responding.
Most Targeted Industries
The goal of most phishing is financial gain, so attackers mainly target specific industries. The target could be the entire organization or its individual users. The top targeted industries include:
Online stores (ecommerce).
Banks and other financial institutes.
Payment systems (merchant card processors).
Most Impersonated Brands
To trick as many people as possible, attackers use well-known brands. Well-known brands will incite trust in recipients, which will increase the chance that the attack will be successful. Any common brand can be used in phishing, but a few common ones are:
Bank of America
Protecting your company’s network against phishing is an important part of overall IT security. Once a hacker manages to gain access to a network, they can wreak havoc before being detected; however, using a couple of easy steps and software can help prevent any unwanted guests from entering your server undetected.
Education expanded into real-world examples and exercises will help users identify phishing attempts: A common tactic used by hackers is to send emails that appear to be from reputable companies or individuals—the hope is that users will take action on these emails, providing sensitive information like login credentials or credit card numbers. One way to prevent such attacks? Educating employees about what phishing looks like in practice.
We can help
There are many solutions in the market that can protect your organization. In addition to educational programs, which we can provide, we can sit with our clients to discover the scope of their needs. With specific needs in mind, we match each client to the best solutions with our partners.
Instead of sitting in long sales pitches, we actually get to the bottom of the need and help you make informed decisions on which platforms to select.
If your organization has more than 1000 email mailboxes without proper protection (with only the out-of-box generic protection that comes with Microsoft and Google), then there is no time to waste. Contact us today to schedule a call.