Everyday billions of phishing emails like the following example are sent to employees from cybercriminals – hoping to deceive and steal from unsuspecting victims. They come in all shapes and sizes – employee e-mails, fake websites, even malicious voicemails – making it even harder for users to detect what’s real or not. Phishing is dangerous, and businesses need to educate their employees on this latest cyber threat. We’ll be covering the most common types of phishing tactics targeting businesses and offering tips to prevent yourself from becoming the next victim. First, let’s start with the basics and explain why phishing is so popular.
What is Phishing?
Even though it’s one of the oldest types of cyber crimes, it’s still one of the most widespread and effective cyber attacks out there. It remains a major threat to most organizations because phishing campaigns are becoming more sophisticated. Cyber criminals have developed many different techniques to gather more information about their targets and create more convincing messages. Watch out for these most common techniques:
1. Spear Phishing
These are messages targeted towards a specific individual or organization. Instead of the typical spam message that blasts out to lots of people, cyber criminals research their victims to create a more convincing and personal message. This includes checking social media accounts and researching other info available online. These emails include personal information to gain viewer’s trust.
Similar to spear phishing, whaling targets its victims at higher levels within an organization. These high profile targets include company executives or important board members. These messages pretend to be third-party organizations or another executive, asking other team members for replies or attachments.
3. Clone Phishing
This type of phishing e-mail is created to look exactly like a previous delivered e-mail. The major difference is that the attachments or links in the email are replaced with malicious ones and sent from a spoofed email that appears to come from the original sender.
4. Link Manipulation
This phishing technique involves creating a malicious link that appears to belong to a spoofed organization. These links might look legitimate but contain small differences such as misspelled URLs and subdomains. Some links even change the text displayed to a link from a reliable destination but leads to a malicious site.
5. Domain Spoofing
Just like how it sounds, this phishing tactic involves hackers spoofing an organization’s domain to make their messages or sites look legitimate to viewers. For e-mails, they’ll mimic the messages to make them look like they’re coming from the organization’s domain. For websites, hackers will adopt an organization’s website design and use a similar URL to mimic a domain.
Best Practices to Prevent Phishing
While these are the most common phishing schemes, hackers have even evolved beyond e-mails to lure victims through malicious text messages and voicemails. With new technology and more sophisticated schemes, how can you prevent your organization from becoming the latest victim? While there’s no single solution to stop phishing schemes, here’s some best practices any business can use to protect themselves and their employees.
1. Educate Your Employees
- Poorly written messages
- Unusual attachments
- Requests for personal information
- Suspicious URLs
- Message that sounds too good to be true
Hold these training sessions every three to six months, and make it them mandatory for all employees.
2. Establish Two-Factor Authentication for Logins
Instead of the standard password login, organizations can add an extra layer of security with two-factor authentication. This additional security measure requires multiple pieces of info for someone to log into their account. This usually includes something you know (password), you have (phone verification), and/or you are (biometrics, fingerprint scans, etc.). If a hacker does retrieve your login info, the second step blocks them from easily accessing your account or personal information.
3. Use Encrypted and Secure Websites
Make sure all websites your employees visit, including your own, are secure and encrypted. These websites should use secure protocols (HTTPS) that protect the data transmitted between sites and users’ browsers.
4. Step Up Your Password Game
5. Filter Incoming Emails
Organizations can use a wide range of up-to-date email and spam filters from popular email hosts such as G-mail and Microsoft Outlook for protecting their employees from phishing schemes. Organizations can also establish email authentication systems such as Sender Policy Frameworks (SPFs) or DomainKeys Identified Mails (DKIMs) to whitelist specific domains and prevent phishing from external domains.
Stay Ahead of the Game
Phishing is constantly evolving, and businesses need to stay one step ahead in order to protect their employees and data. For more information on cybersecurity best practices and tips, please contact us at 808-237-5000 or request a FREE consultation.