mariam shaikh's profile

What is phishing - Need for Phishing Awareness

A lot of organizations rely on phishing awareness training to mitigate the threats of phishing and spear phishing. This article discusses whether phishing awareness is really necessary to protect yourself against phishing attacks.

Phishing attacks continue to make news headlines and target your employees. In the following story, we reveal some of the devastating effects of phishing attacks and show how phishing simulations can help build security resilience in your workforce.

As attackers may not be phishing your employees on a regular basis, controlled phishing simulations allow your employees to remain on alert and improve their detection skills continuously.

On a typical morning, Sam gets about 40 emails in her work account. She goes through the emails, deleting unwanted ones, reading the urgent ones, sending some out, scanning newsletters, opening shared documents, and checking her agenda for the day. All standard stuff.

These days, however, Sam faces her inbox with grim determination. Two weeks ago, she was under attack by a team of hackers whose goal was to phish Sam’s company. Sam got an email with a link to another site that appeared to be almost identical to the company name, but the domain ended with “.org” when the actual URL of the site should have been “.com.” Sam did not notice the subtle difference. After clicking on the link, she was directed to a page that looked like the original website, which asked her to input her username and password in exchange for a downloadable document...

Read more at - Terranova Security.
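
The near-identical link in Sam's story (a ".org" ending where the real site uses ".com") is something a mail filter can check mechanically. The following is an added example, not part of the original article: it extracts the links from an HTML message and flags hosts that reuse a trusted name under a different ending, as well as links whose visible text names the real site while the target does not. The domain `example.com`, the sample message and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example.com"}  # assumption: the organisation's real domain

class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable(host):
    # Naive: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(href, text=""):
    domain = registrable(urlsplit(href).hostname or "")
    if domain in TRUSTED:
        return "trusted"
    if any(domain.split(".")[0] == t.split(".")[0] for t in TRUSTED):
        return "lookalike-tld"      # same name, different ending (.org vs .com)
    if any(t in text.lower() for t in TRUSTED):
        return "text-mismatch"      # link text names the real site, href does not
    return "external"

def review_email(html):
    p = _Links()
    p.feed(html)
    p.close()
    return [(href, classify(href, text)) for href, text in p.links]

# Constructed sample message body, not taken from a real campaign.
SAMPLE = """<p>Your document is ready.
<a href="https://portal.example.org/login">https://portal.example.com/login</a>
<a href="https://portal.example.com/help">Help</a>
<a href="http://files.test/doc">example.com shared file</a></p>"""

if __name__ == "__main__":
    for href, verdict in review_email(SAMPLE):
        print(f"{verdict:14} {href}")
```
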

How Does Phishing Work?

Cybercriminals pose as legitimate businesses or organizations and send socially engineered messages to trick their victims into:

* Providing their credentials (username and password) or other personally identifiable or private information
* Launching malicious files on their computers 
* Opening links to infected websites
* Opening attachments that plant malware on the user's device, which then steals credentials and other PII directly by collecting this data as the user enters it

While the majority of phishing messages are delivered via email, they can also come from other sources, including:  

* Phone calls / Voicemails
* Fraudulent software (e.g., fake anti-virus)
* Social Media messages (e.g., Facebook, Twitter)
* Advertisements
* Text messages

Get more info at - UNH.

Common types of phishing attacks

Phishing attacks utilize a number of mediums, leveraging common tactics to get potential victims to respond in the desired fashion. Some of the mediums include:

* Phishing (email) – Most people familiar with phishing instantly think of email as the medium. It’s the easiest method for attackers to get the undivided attention of their intended victims en masse, using automated tools to hit literally hundreds of thousands to millions of individuals with a single click.
* Spear Phishing (email) – Attackers intent on targeting certain companies, industries, or even individuals will send out phishing attacks created specifically for that victim.
* Whaling (email) – Whaling attacks are spear phishing campaigns targeting executives, generally using only social engineering techniques to trick the C-level exec into becoming a victim.
* Vishing (phone) – Phone calls can be a viable medium to trick individuals into resetting passwords, giving up credit card details, and more. Attackers have gone as far as to use deepfake audio – a technology that allows them to sound like anyone they want, including your CEO – to trick users over the phone.
* SMiShing (text message) – Similar to email as a means of getting directly to the victim in question, SMiShing uses text messages to direct victims to websites intent on infecting mobile devices, stealing online credentials, or obtaining personal details.

To know more, visit - att.com.

Aim of hackers when they target you

Hackers Are Trying to Reel You in Through Email

Email is an essential part of our everyday communications. It is also one of the most common methods that hackers use to attempt to gain access to sensitive information. More than 90% of data breaches start with a phishing attack. Phishing uses fraudulent email messages designed to impersonate a legitimate person or organization. They attempt to trick the recipient into downloading harmful attachments or divulging sensitive information, including passwords, bank account numbers, and social security numbers.

Phishing scams can have a number of different goals. They may attempt to:

* Target your cash and payment card data
* Gain control of your computer and local network resources
* Gain access to your University Computing Account and resources

Phishing scams typically attempt to take advantage of you by:

* Delivering file attachments that can infect your computer with harmful software
* Enticing you to click on links to websites that infect your computer with harmful software
* Tricking you into sharing your username and password so hackers can gain access to your network or other sites

Find more info at - University of Pittsburgh.

Conclusion

All the phishing awareness training in the world is not enough, even if you are an expert in cyber security. A person's thoughts are unpredictable, and therefore you should rely on something more secure and less time-consuming, such as an anti-phishing solution. This way you will be able to protect against the threats of phishing attacks.