
Your organization probably gets a few phishing emails EVERY DAY! That doesn’t mean you have to be a victim.
First, we should answer the question: What are phishing emails?
Phishing is a form of social engineering in which cyber criminals entice a user to do something that allows them into the system or otherwise harms the network or computer. They do this by tricking an employee or another user into opening an attachment or clicking a link that leads to a fake site.
When a user opens an attachment, it will load malware (a harmful program) onto the device and then spread it to the entire network. The user may not even know that this happened.
The criminal will then be inside the network and be able to collect information to steal, launch a ransomware attack (a program that locks down the computer or network until a ransom is paid), create a back door (a secret way to access the computer/network whenever they want) to inflict more harm, or do a combination of all the above.
If the user clicks a link sent by a cyber criminal, it takes them to a fake site that appears legitimate but is intended to prompt them to enter their account information or login credentials.
The link may also redirect the user to a fake site that can install malware on their device.
There are different types of phishing emails.
There are several types of phishing scams that criminals use to attack people and organizations. As technology changes and users become savvier, criminals become more creative in their attempts to gain access to computers and networks.
Standard
This is the “casting a wide net” method. It does not target a specific individual; it is sent to many people.
It is usually not well-researched to ensure accuracy, but the more people who receive it, the greater the chance that someone will open it and click the link or open the attachment. Cyber security must defend against every single attack all the time, whereas a cyber attacker only needs one attempt to succeed (e.g., only one user to click).
Spear Phishing
This is a more targeted approach to “catch the big one” instead of trying to “catch whatever phish will bite.” A cyber criminal will spend time and effort researching a specific high-value target, such as a particular person or group.
Whaling
When the Spear Phishing attempt targets a very high-level individual, it is called Whaling. This can be a company CEO or the County Judge Executive. The chances of successfully getting the target to open or click are lower. However, the payoff can be much bigger.
Example of Whaling
FROM: Andy.Beshear@KYGovernor.com
NOT FROM: Andy.Beshear@KY.gov
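A mail-filter check for the lookalike address shown above, as an added example that is not part of the original article: it flags a sender that uses a protected person's name, or a domain resembling the real one, from outside the trusted list. The trusted-domain and protected-name lists, the function names and the sample headers are assumptions built from the article's example.

```python
from email.utils import parseaddr

# Assumptions for illustration: the real mail domain and the name worth
# protecting are taken from the article's whaling example.
TRUSTED_DOMAINS = {"ky.gov"}
PROTECTED_NAMES = {"andy beshear"}

def _words(text):
    """'Andy.Beshear' or 'Andy_Beshear' -> 'andy beshear'."""
    for sep in "._-":
        text = text.replace(sep, " ")
    return " ".join(text.lower().split())

def _squash(domain):
    """'ky.gov' -> 'kygov', so 'kygovernor.com' and 'ky-gov.com' both contain it."""
    return "".join(ch for ch in domain.lower() if ch.isalnum())

def is_trusted(domain):
    """True for a trusted domain or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def assess_sender(from_header):
    """Return a list of warning strings for one From header (empty list = no flags)."""
    display, address = parseaddr(from_header)
    local, _, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    if is_trusted(domain):
        # Domain matches; SPF/DKIM/DMARC must still confirm the mail really came from it.
        return []
    warnings = []
    if _words(display) in PROTECTED_NAMES or _words(local) in PROTECTED_NAMES:
        warnings.append("protected name used from untrusted domain " + repr(domain))
    if any(_squash(d) in _squash(domain) for d in TRUSTED_DOMAINS):
        warnings.append("domain " + repr(domain) + " resembles a trusted domain")
    return warnings

# Constructed sample headers, based on the addresses in the article.
SAMPLES = [
    "Andy Beshear <Andy.Beshear@KYGovernor.com>",
    "Andy.Beshear@KY.gov",
    "Andy Beshear <ab1978@mail.example>",
    "Newsletter <news@vendor.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", assess_sender(header) or "no flags")
```

The resemblance test is a simple substring heuristic and will produce some false positives, so its output suits a warning banner or a review queue better than silent deletion.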
Smishing
When a cyber attacker sends phishing messages via SMS text messaging to deliver malicious links, it is known as Smishing (SMS + Phishing).
As more people use their smartphones or tablets to work or communicate, cyber attackers are following them. Additionally, the open rate for an SMS is 98%, while the open rate for an email is only 20%. Therefore, a user is more likely to click the malicious link.
Vishing
When the criminal uses phone calls to contact a target, it is called Vishing (Voice + Phishing). The victim receives a phone call from someone pretending to be from a legitimate organization (IRS, Sheriff Department, Phone Company) asking for personal information (social security numbers, bank account information, credit card numbers, passwords).
So, how do you prevent becoming a victim of phishing emails?
The greatest weakness in any organization’s cyber security is its employees. However, the most significant asset is also the employees.
The key is to turn this weakness into an asset, a “Human Firewall.”
A Human Firewall comprises an educated, proactive, security-minded staff that can identify potential threats, report suspicious activity, and be part of the cyber security solution. Training is a great first step!
Do you prioritize your organization’s safety and security? Allow Commonwealth Sentinel to be your partner in risk reduction and ensuring the well-being of all. Our comprehensive services range from software and hardware solutions to training and policy implementation. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.
