Although we continue to take measures to secure our systems and facilities, malicious actors will always look for the weakest link in an organization, and that link is rarely the hardware. They no longer smell silicon. They smell blood. In practice this means that an attempt to break into a protected system or to steal confidential files will usually start with an individual: the attacker tries to manipulate a person into handing over access or information. We have been discussing this at length because it has become one of the most significant tools in the attacker's arsenal. It is called phishing!
We will cover this term to ensure we can all recognize a phishing attempt when it occurs. Why? Because attackers keep altering their methods and becoming more sophisticated as employees become more security conscious. In this brief we discuss six of the most common phishing attacks: deceptive phishing, spear phishing, executive (CEO) fraud, pharming, Dropbox phishing, and Google Docs phishing.
The most common form is deceptive phishing, in which an attacker impersonates a legitimate company to steal credentials or personal information. For example, scammers posing as a bank might send an email instructing the recipient to click on a link in order to rectify a discrepancy with their account. In actuality, the link leads to a fake banking login page that collects the user's credentials and delivers them to the attackers.
The success of a deceptive phish hinges on how closely the attack email resembles the company's official correspondence. As a result, users should scrutinize every link before clicking it: hover over the link to see where it really goes, and be wary when the visible text names one site but the destination is another, when the destination is a bare IP address, or when a familiar brand name appears inside an unfamiliar domain. They should also look out for generic salutations ("Dear Customer"), artificial urgency, grammar mistakes, and spelling errors scattered throughout the email.
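The link checks described above can be automated. The following is an added example written for this brief, not a tool from the original memo: it extracts every link from an HTML email body and reports the deceptive-phishing tells (non-HTTPS destination, bare IP host, user-info before the host, visible text that names a different domain than the real destination, and a trusted brand name buried inside an unrelated domain). The trusted-domain list and the sample email are constructed for the demonstration; the registrable-domain helper is a crude two-label approximation, not a public-suffix lookup.

```python
"""Flag suspicious links in an HTML email body (added example, not part of the memo)."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical: domains this organisation considers legitimate for logins.
TRUSTED_DOMAINS = {"etech.example", "bank.example"}

# Something that looks like a domain name inside a link's visible text.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})")


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def registrable_domain(host):
    """Last two labels of a host name. Crude stand-in for a public-suffix lookup."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_link(href, text):
    """Return the reasons a link looks like a phish; an empty list means no finding."""
    reasons = []
    url = urlparse(href)
    host = (url.hostname or "").lower()

    if url.scheme != "https":
        reasons.append(f"scheme is {url.scheme or 'missing'}, not https")

    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address")
    except ValueError:
        pass

    if "@" in url.netloc:
        reasons.append("URL carries user-info before the real host")

    # Visible text names one domain while the link actually goes to another.
    match = DOMAIN_IN_TEXT.search(text.lower())
    if match and registrable_domain(match.group(1)) != registrable_domain(host):
        reasons.append(f"text shows {match.group(1)} but link goes to {host}")

    # A trusted name used as a leading label of an unrelated domain, e.g. bank.example.evil.net
    for trusted in TRUSTED_DOMAINS:
        if re.search(rf"(^|\.){re.escape(trusted)}\.", host):
            reasons.append(f"'{trusted}' embedded in unrelated host {host}")
    return reasons


def scan_email(html):
    """Run check_link over every link in an HTML body; returns one dict per link."""
    parser = _LinkExtractor()
    parser.feed(html)
    return [{"href": h, "text": t, "reasons": check_link(h, t)} for h, t in parser.links]


# Constructed sample, modelled on the bank "discrepancy" lure described above.
SAMPLE_HTML = """
<p>Dear Customer,</p>
<p>We noticed a discrepancy with your account. Please sign in at
<a href="http://bank.example.account-verify.net/login">https://bank.example/login</a>
within 24 hours to avoid suspension.</p>
<p>Need help? Visit <a href="https://bank.example/help">our help centre</a>.</p>
<p>Or use the <a href="https://203.0.113.7/secure">secure portal</a>.</p>
"""

if __name__ == "__main__":
    for finding in scan_email(SAMPLE_HTML):
        status = "SUSPICIOUS" if finding["reasons"] else "ok"
        print(f"{status:10} {finding['href']}")
        for reason in finding["reasons"]:
            print(f"           - {reason}")
```

On the sample, the first link is flagged three times (plain HTTP, visible text pointing at bank.example while the destination is account-verify.net, and the brand name used as a subdomain), the help-centre link is clean, and the bare-IP "secure portal" is flagged once. The same checks are what a mail gateway or a browser extension would apply; a human doing it by hand should at least hover and compare.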
Spear phishing is the targeted variant. Fraudsters customize their attack emails with the target's name, position, company, work phone number, and other details in an attempt to convince the recipient that they already have a connection with the sender.
The goal is the same as deceptive phishing: lure the victim into clicking a malicious URL or opening a malicious attachment so that they hand over their data or run the attacker's code.
Social media sites like LinkedIn, Twitter, or Facebook make this easy, because attackers can combine multiple public sources of information to craft a convincing, targeted email.
To protect against this type of scam, employees must be aware that a message that knows their name and role is not proof of legitimacy, and they must be able to spot the tell-tale signs. We should also discourage users from publishing sensitive personal or corporate information on social media.
Executive fraud (also called CEO fraud or business email compromise) takes spear phishing one step further: attackers impersonate an executive, either by spoofing that person's address or by sending from a look-alike domain, and use the borrowed authority to have staff authorize fraudulent wire transfers or change a supplier's bank account details to an account the attacker controls.
NEVER act on a financial or confidential-information request that arrives only by email, no matter how urgent it sounds or how senior the apparent sender is. Always confirm with a phone call to the executive making the request, using a number from the company directory, never one supplied in the email itself.
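The phone call is the control that matters, but the mail gateway can raise the alarm first. The following is an added example written for this brief, not code from the original memo: it parses a raw message with Python's standard email library and reports the traits of an executive-fraud attempt, namely an executive's display name on an address that is not theirs, a Reply-To that diverts answers to another domain, a message claiming our own domain without a DMARC pass in the gateway's Authentication-Results header, and payment-plus-urgency wording. The corporate domain, the executive directory and the three sample messages are constructed for the demonstration.

```python
"""Flag executive-impersonation (BEC) traits in a raw email (added example, not part of the memo)."""
import email
from email import policy
from email.utils import parseaddr

# Hypothetical corporate domain and executive directory.
CORP_DOMAIN = "etech.example"
EXECUTIVES = {"jane doe": "jane.doe@etech.example"}
# Words that, in combination, mark a payment or confidential-data request.
PAYMENT_WORDS = ("wire transfer", "bank details", "account information", "urgent", "confidential")


def domain_of(address):
    """Domain part of an address, lower-cased; empty string if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def analyse(raw_message):
    """Return a list of human-readable flags; an empty list means nothing stood out."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []

    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_addr = from_addr.lower()
    expected = EXECUTIVES.get(from_name.strip().lower())
    if expected and from_addr != expected:
        flags.append(f"display name '{from_name}' is an executive but address is {from_addr}")

    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        flags.append(f"Reply-To {reply_addr} diverts replies to a different domain than From")

    # A message claiming our own domain should carry a DMARC pass from our gateway.
    auth = str(msg.get("Authentication-Results", "")).lower()
    if domain_of(from_addr) == CORP_DOMAIN and "dmarc=pass" not in auth:
        flags.append("From claims the corporate domain but Authentication-Results has no dmarc=pass")

    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    haystack = f"{msg.get('Subject', '')} {text}".lower()
    hits = [word for word in PAYMENT_WORDS if word in haystack]
    if len(hits) >= 2:
        flags.append("payment/urgency language: " + ", ".join(hits))
    return flags


# Constructed samples (not real messages).
LOOKALIKE_DOMAIN = """\
From: "Jane Doe" <jane.doe@etech-ceo-mail.example>
Reply-To: "Jane Doe" <jane.doe@etech-ceo-mail.example>
To: accounts@etech.example
Subject: Urgent wire transfer - confidential
Authentication-Results: mx.etech.example; spf=pass smtp.mailfrom=etech-ceo-mail.example; dmarc=none

I am in a meeting and cannot take calls. Please send 48,500 EUR today to the
bank details below and keep this confidential until I am back.
"""

SPOOFED_FROM = """\
From: "Jane Doe" <jane.doe@etech.example>
Reply-To: jane.doe.private@mail.example
To: accounts@etech.example
Subject: Quick favour
Authentication-Results: mx.etech.example; spf=fail; dmarc=fail header.from=etech.example

Are you at your desk? I need you to handle something for me right away.
"""

LEGITIMATE = """\
From: "Jane Doe" <jane.doe@etech.example>
To: accounts@etech.example
Subject: Q3 planning
Authentication-Results: mx.etech.example; spf=pass; dkim=pass; dmarc=pass header.from=etech.example

Can we meet Thursday to go over the Q3 numbers?
"""

if __name__ == "__main__":
    for label, sample in (("look-alike domain", LOOKALIKE_DOMAIN),
                          ("spoofed From", SPOOFED_FROM),
                          ("legitimate", LEGITIMATE)):
        print(f"{label}: {analyse(sample) or ['no flags']}")
```

The first sample passes SPF (the attacker controls the look-alike domain, so SPF proves nothing) and is caught only by the directory lookup and the wording; the second has a genuine-looking corporate address that the gateway's own DMARC result contradicts, plus a Reply-To pointing elsewhere. Neither check replaces the phone call: a compromised executive mailbox would pass all of them.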
The Internet's naming system uses DNS servers to convert human-readable host names, such as "www.microsoft.com," to the numerical IP addresses used to locate computer services and devices.
Pharming needs no lure at all. In a DNS cache poisoning attack, the pharmer targets a DNS server and changes the IP address associated with a host name. The attacker can then redirect users to a malicious website of their choice even though the victims typed the correct name. A poisoned answer only redirects the connection; it does not give the attacker a valid certificate for the real name, so a certificate warning on a familiar site, or a login page that is suddenly plain HTTP, is exactly the symptom to expect.
To protect against pharming, organizations must encourage their employees to enter login credentials only on approved HTTPS-protected sites and never to click through a certificate warning. Organizations should also deploy anti-virus and web-filtering software on all corporate devices and keep virus signature databases and security patches up to date.
Dropbox phishing abuses a service people already trust. Millions of people use Dropbox every day to back up, access and share their files, so it is no wonder that attackers try to capitalize on the platform's popularity by targeting its users with phishing emails.
One attack campaign, for example, tried to lure users into entering their login credentials on a fake Dropbox sign-in page that was hosted on Dropbox itself, so the link really did point at Dropbox's own domain and the "check the URL" advice above was not enough on its own.
To protect against Dropbox phishing, users should enable two-step verification (2SV) on their accounts, so that a stolen password alone is not enough to log in.
Google Docs phishing works the same way. Because Google Drive supports documents, spreadsheets, presentations, photos and even entire websites, phishers can abuse the service to host a web page that mimics the Google account log-in screen and harvests user credentials.
A group of attackers did just that back in July of 2015. To add insult to injury, not only did Google unknowingly host the fake login page, but the page was served under a valid Google TLS certificate, so the browser displayed a secure connection. The padlock only means the connection to that host is encrypted; it says nothing about whether the page on it is trustworthy.
Once again, users should consider implementing 2SV to protect themselves against this type of threat.
Using the guide above, you will be able to spot the most common types of phishing attacks more quickly. But that does not mean you will catch each and every phish. On the contrary, phishing is continually evolving to adopt new forms and techniques. We must continue to research and seek new methods to counter these attacks and keep every employee aware. When in doubt, do not click; ask first.
DO NOT BECOME THE NEXT VICTIM OF A PHISHING ATTACK!
If you have any questions and/or comments on how we can continue to improve security at Etech, please feel free to reach out to email@example.com.