Friday the 7th of June is National Fish and Chip Day. However, at Curious Frank we want to raise awareness of a different kind of fish – phishing!
What Is Phishing?
Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials, account information and more.
How Does It Work?
Phishing attempts come in all shapes and sizes, just like fish! Phishing attacks typically rely on social engineering and public sources of information, including social networks like Twitter, Facebook, LinkedIn and Instagram, to gather background information about the victim’s personal and work history, interests and activities. That information is then used to trick individuals into believing they have received a genuine email.
Pre-phishing attack reconnaissance can uncover names, job titles and email addresses of potential victims, as well as information about their colleagues and the names of key employees in their organisation. This information can then be used to craft a believable email to individuals as well as entire groups of staff!
Types of Phishing
Goldfish, Catfish, Cod, Mackerel, Mullet… there are thousands of species of fish – the same can be said about phishing techniques used by cyber-criminals! Some of the most common types of phishing attacks include…
Spear phishing attacks are directed at specific individuals or companies, usually using information specific to the victim that has been gathered to successfully represent the message as being authentic. Spear phishing emails might include references to co-workers, senior management in the organisation as well as the use of the victim’s name, location or other personal information. These kinds of attacks aren’t exclusive to businesses – even social media users can be targeted!
Whaling attacks are a type of spear phishing attack that specifically targets senior management within an organisation, often with the objective of stealing large sums. Those preparing a spear phishing campaign research their victims in detail to create a more genuine message, as using information relevant or specific to a target increases the chances of an attack being successful.
A typical whaling attack targets an employee with the ability to authorise payments, with the phishing message appearing to be a command from an executive to authorise a large payment to a vendor, when in fact, the payment would be made to the attackers.
Voice phishing, also known as Vishing, is a form of phishing that occurs over voice communications media, usually through a telephone call or voicemail. A typical vishing scam uses speech software to leave voice messages that notify the victim of suspicious activity in a bank or credit account and ask the victim to call a malicious phone number to verify their identity, allowing attackers to gain access to their accounts.
Evil Twin Wi-Fi Attacks
Phishing attacks can sometimes be like sharks – cunning, scary and appearing when you least expect them! Evil Twin Wi-Fi Attacks are exactly that.
Cyber criminals can set up Wi-Fi access points in public places, or even in office spaces, with deceptive names that are similar to legitimate access points in order to trick unsuspecting individuals. When victims connect to the evil twin Wi-Fi network, the attackers can gain access to all transmissions sent to or from the device, including user IDs and passwords.
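One way a defender can check a Wi-Fi scan for the deceptive names described above, as an added example that is not part of the original article. The allowlist, the scan results, the function names and the 0.85 similarity threshold are all constructed assumptions.

```python
import difflib
import unicodedata

# Constructed allowlist: trusted SSIDs and the BSSIDs (AP MAC addresses) we operate.
TRUSTED = {
    "CorpNet": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
    "CorpNet-Guest": {"aa:bb:cc:00:00:10"},
}

# Constructed scan results as (ssid, bssid) pairs.
SCAN = [
    ("CorpNet", "aa:bb:cc:00:00:01"),
    ("CorpNet", "de:ad:be:ef:00:01"),
    ("C0rpNet", "de:ad:be:ef:00:02"),
    ("Corp-Net", "de:ad:be:ef:00:03"),
    ("CoffeeShop", "de:ad:be:ef:00:04"),
]

def normalise(ssid):
    """Fold case and Unicode compatibility forms, undo 0/1 digit swaps, drop punctuation."""
    s = unicodedata.normalize("NFKC", ssid).casefold()
    s = s.translate(str.maketrans("01", "ol"))
    return "".join(ch for ch in s if ch.isalnum())

def classify(ssid, bssid, trusted=TRUSTED, threshold=0.85):
    """Return 'trusted', 'same-name-unknown-ap', 'lookalike-name' or 'unrelated'."""
    if bssid.lower() in trusted.get(ssid, set()):
        return "trusted"
    if ssid in trusted:
        # Exact trusted name, but broadcast by an access point we do not operate.
        return "same-name-unknown-ap"
    n = normalise(ssid)
    for name in trusted:
        if difflib.SequenceMatcher(None, n, normalise(name)).ratio() >= threshold:
            return "lookalike-name"
    return "unrelated"

def audit(scan):
    """List every network that imitates a trusted SSID."""
    findings = []
    for ssid, bssid in scan:
        verdict = classify(ssid, bssid)
        if verdict not in ("trusted", "unrelated"):
            findings.append((ssid, bssid, verdict))
    return findings
```

A BSSID match is only a first filter, since MAC addresses can be cloned; treat "trusted" as "not obviously suspicious" rather than verified.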
How To Prevent Phishing Attacks
Preventing phishing attacks can only be achieved by raising awareness, which is why we are hijacking Fish and Chip Day!
By being aware of the latest phishing techniques adopted by cyber criminals, you are safeguarding yourself and your business from a potential disaster. However, we know that some people may act like Goldfish regarding phishing and may forget to double check email addresses, website links and other obvious signs of a phishing attempt.
To cut down phishing attempts, you can:
Prohibit open Wi-Fi use with your employees.
Regularly update your computers, systems and software with the latest security patches to protect yourself and your organisation from new vulnerabilities.
Ensure a gateway spam filter is in place in your organisation’s email system to stop dangerous emails from reaching their intended destination.
However, user education is always the first layer of defence against phishing!
Has your organisation experienced any form of phishing attack? Are you unsure of the next steps you should take? At Curious Frank, we offer a range of services that can make your staff more robust in the face of attempted cyber-attacks.
Furthermore, our team of ethical hackers can educate your staff on phishing and other cyber security awareness topics to prevent future attacks.
We can also test your employees with phishing campaigns to see how vulnerable they are to deceptive emails, texts, voice messages and Wi-Fi networks. To find out more about Curious Frank's services, please get in touch!
Are you curious about cyber security? We'll be frank about it! From security consultations, cyber security training, digital foot-printing, extensive security tests and more, Curious Frank offers the best range of services to help individuals and organisations be more cyber secure.