OnPoint

Out "Phishing" - Protect your business from phishing attacks

Phishing is the act of sending emails, calls or other communications with the intent of retrieving unauthorized information while posing as a reputable source. Put simply, phishing is when you pretend to be someone you’re not to get access to something you’re not supposed to have. Read more to find out how to protect yourself from this common attack.


Phishing Overview


Phishing is very serious since it can lead to financial loss and even identity theft. Phishing is one form of social engineering that threat actors deploy to get unauthorized access to information or even credentials that open a path to further exploitation. Taking time to train staff to identify phishing is an important step in mitigating this risk.


Types of “Phishermen”



Just like fishermen, phishers hope that you (potential fish/phish) will be hooked by a convincing email or chat. Here are some types of phishing attacks seen today:



Bulk Phishing Attacks:

The most common phishing attack, in which a scammer tries to create an email that looks like it originates from a well-known large business or corporation. Bulk phishing emails are typically sent in “bulk” to potentially millions of recipients. Unfortunately, these emails are convincing enough that many busy workers may quickly see a legitimate-looking subject line and just click all attachments or links in the malicious email. By that point it’s usually too late, as the scammer usually embeds malicious code or attachments in the message.

Spear Phishing Attacks:

Social Media Phishing Attacks:

Phone Phishing Attacks:

Text/SMS Phishing Attacks:


 

How to avoid Phishing Attempts


Fear not, it’s possible to protect yourself from these types of attacks, and even spot them in the wild once you know what to look for. It’s strongly advised to train all your employees on the potential dangers of phishing attacks (See Blog “Employee Training Critical to Security”). Additionally, we recommend looking out for the following:


  • Check all incoming attachments and links in every piece of communication, even if it's in an ongoing thread.

  • Make sure to verify all senders/recipients are correct and you know who you are communicating with.

  • Be careful with all requests for personally identifiable information (PII) or financial information.

  • Be careful with all links, especially short links that may be used to disguise the final destination URL.

  • Images, attachments and unauthorized software that, once downloaded or deployed, can potentially compromise your network.

  • Sense of urgency or time constraints

  • Threats if you do not comply

  • Unrealistic Scenarios

In short, if it seems FISHY it's probably PHISHY.
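The checklist above can also be expressed as simple automated checks. The following Python sketch is an added example, not part of the original post; the keyword patterns, the shortener list and the sample message are constructed assumptions for illustration, and a real spam filter uses far more signals.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed sample lists for illustration; tune them for your own mail flow.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|act now)\b", re.I)
THREAT = re.compile(r"\b(suspended|terminated|legal action|locked)\b", re.I)
SENSITIVE = re.compile(r"\b(password|social security|bank account|card number)\b", re.I)
URL = re.compile(r"https?://([^/\s\"'>]+)", re.I)

def domain(addr):
    """Return the lower-cased domain part of an address header."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def phishing_flags(raw):
    """Return the checklist items a raw RFC 5322 message trips."""
    msg = message_from_string(raw)
    flags = []
    reply_to = msg.get("Reply-To")
    if reply_to and domain(reply_to) != domain(msg.get("From", "")):
        flags.append("reply-to domain differs from sender")
    body = ""
    for part in msg.walk():
        if part.get_filename():
            flags.append("attachment: " + part.get_filename())
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    if any(h.lower() in SHORTENERS for h in URL.findall(body)):
        flags.append("shortened link hides destination")
    for name, rx in (("urgency", URGENCY), ("threat", THREAT),
                     ("asks for PII/financial data", SENSITIVE)):
        if rx.search(body):
            flags.append(name)
    return flags

# Constructed sample message (not a real email).
SAMPLE = """From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: support@example.net
Subject: Account notice

Your mailbox will be suspended unless you act now.
Confirm your password at http://bit.ly/EXAMPLE immediately.
"""

if __name__ == "__main__":
    for flag in phishing_flags(SAMPLE):
        print("-", flag)
```

A message that trips several of these checks deserves a second look before anyone clicks; a message that trips none is not thereby proven safe.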


Some common tools and software can greatly help mitigate the risk of getting phished. Make sure to use tools such as spam filters for email, Multi-Factor Authentication (MFA), antivirus/anti-malware, etc.


We hope this information helps you see how to protect yourself and your company from phishing attacks. Remember to think before you click!


OnPoint





