Though it sounds like a past-time enjoyed by people everywhere, Phishing is a nasty and very common threat to individuals and companies everywhere.
To Phish (Phishing) – The fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trusted entity in an electronic communication
SpearPhishing is effectively the same thing, but the term is reserved for phishing attacks that are targeted at specific individuals.
Whaling, a newer term, is reserved for those attacks of this nature aimed at high profile targets, such Executive and Director-level employees.
Though this type of attack was primarily created to steal information and gain access, there has been a marked increase in malware delivery via the same method.
Possibly the most recognizable of this type was the WannaCry attack in 2017. https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
Protect Yourself, it’s everywhere!
The basic protection from such attacks is the same as always, DON’T CLICK ON RANDOM LINKS. Unfortunately, the attacks are more and more sophisticated and are becoming very convincing.
There are also a myriad of filters and software out there that either specialize in Email protection or include it with their other products. Bear in mind, this type of attack isn’t limited to Email any longer! Social media and even text messages are being used to attack.
If your budget is tight or you just don’t want to pay for it, use your head and apply some common sense.
Some basic rules to keep in mind:
- If it looks too good to be true, it probably is!
- If you are not sure about an email or message then contact the sender directly to check it.
- Look for spelling mistakes, or poor grammar. Not as common a mistake these days, but many attempts are still poor.
- Look at the sender’s address, there are sometimes details in brackets that can show a spoofed email address.
- Threats and Urgent deadline messages are designed to get you to act quickly, slow down and think about it.
- Be particularly careful with web links and documents downloads. If you’re not expecting it, then be suspicious.
- Hovering over a link will normally show it’s true destination, make sure you know where it’s taking you.
- Don’t forget, sometimes someone else has already been targeted and the bad guys could be using their actual identity to target you!
A few Examples…
Below are a few examples of Phishing, good and bad:
If your concerned or would like further information, please contact us at Centric Security.