
Commonwealth Sentinel

Cyber Security for local government, non-profits and small business


commonsent / April 6, 2023

Phishing emails are up 569%. Are you next?


The short answer is yes, and your organization probably gets a few EVERY DAY! That doesn’t mean you have to be a victim.

First, we should answer the question, What is phishing?

Phishing is a form of social engineering in which cyber criminals entice a user into doing something that will allow the criminal into the system or otherwise harm the network or computer. They do this by tricking an employee or other user into opening an attachment or clicking on a link that goes to a fake site.

When a user opens an attachment, it will load malware (a harmful program) onto the device and then spread it to the entire network. The user may not even know that this happened.

The criminal will then be inside the network and can collect information to steal, launch a ransomware attack (a program that locks down the computer or network until a ransom is paid), create a back door (a secret way to access the computer/network whenever they want) to inflict more harm, or do a combination of all the above.

If the user clicks on a link sent by a cyber criminal, it takes the user to a fake site that looks legitimate but is intended to have the user enter their account information or login credentials. It may also take the user to a fake site that can load malware onto their device.

There are different types of phishing.

There are a number of types of phishing scams that criminals use to attack people and organizations. As technology changes and users become savvier, criminals become more creative in the ways they attempt to gain access to computers and networks.

Standard

This is the “casting a wide net” method. It does not target a specific individual but is sent out to many people. It is usually not well researched for accuracy; instead, it depends on the fact that the more people who receive it, the greater the chance someone will open it and click on the link or open the attachment. Cyber security must defend against every single attack all the time, whereas a cyber attacker needs only one attempt to work (i.e., only one user to click) to be in the system or launch their attack.

Spear Phishing

This is a more targeted approach to “catch the big one” instead of trying to “catch whatever phish will bite.” A cyber criminal will spend time and effort researching a specific high-value target, such as a particular person or group of people.

Whaling

When the Spear Phishing attempt targets a very high-level individual, it is called Whaling. This can be a company CEO or the County Judge Executive. The chances of successfully getting the target to open or click are lower. However, the payoff can be much bigger.

Example of Whaling

FROM: Andy.Beshear@KYGovernor.com
NOT FROM: Andy.Beshear@KY.gov
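
The sender check a trained reader performs on the whaling example above can also be automated at the mail gateway. The Python sketch below is an added example, not Commonwealth Sentinel's code; `TRUSTED_DOMAINS`, `PROTECTED_NAMES`, `classify_sender` and the third and fourth sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumptions for this example: the organization's real mail domain and the
# names of officials an attacker is likely to impersonate.
TRUSTED_DOMAINS = {"ky.gov"}
PROTECTED_NAMES = {"andy beshear"}


def _normalize_name(text):
    """Lower-case and turn separators into spaces: 'Andy.Beshear' -> 'andy beshear'."""
    for sep in "._-":
        text = text.replace(sep, " ")
    return " ".join(text.lower().split())


def classify_sender(from_header):
    """Return 'trusted', 'impersonation', 'external' or 'malformed' for a From header."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "malformed"
    local, _, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    # Exact domain or a true subdomain only; 'kygovernor.com' must not match 'ky.gov'.
    if domain in TRUSTED_DOMAINS or any(domain.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # A protected name arriving from any other domain is the whaling pattern.
    if {_normalize_name(display), _normalize_name(local)} & PROTECTED_NAMES:
        return "impersonation"
    return "external"


# Constructed sample headers; the first two reuse the addresses from the example above.
SAMPLE_HEADERS = [
    "Andy.Beshear@KYGovernor.com",
    "Andy.Beshear@KY.gov",
    '"Andy Beshear" <ceo.office@example.net>',
    "newsletter@example.org",
]


def scan(headers):
    """Map each header to its classification so suspicious mail can be flagged."""
    return {h: classify_sender(h) for h in headers}


if __name__ == "__main__":
    for header, verdict in scan(SAMPLE_HEADERS).items():
        print(f"{verdict:14} {header}")
```

A From header can be forged, so a "trusted" verdict only means the address claims the right domain; it complements, not replaces, SPF, DKIM and DMARC validation of the message.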

Smishing

When a cyber attacker sends phishing messages using SMS text messaging in order to deliver malicious links, it is known as Smishing (SMS + Phishing).

As more people use their smartphones or tablets to work or communicate, cyber attackers are going to where they are. Additionally, the open rate for an SMS is 98%, while the open rate for an email is only 20%. Therefore, a user is more likely to click the malicious link.

Vishing

When the criminal uses phone calls to contact a target, it is called Vishing (Voice + Phishing). The victim receives a phone call from someone pretending to be from a legitimate organization (IRS, Sheriff Department, Phone Company) asking for personal information (social security numbers, bank account information, credit card numbers, passwords).

So how do you prevent becoming a victim?

The greatest weakness in any organization’s cyber security is its employees. However, the greatest asset is also the employees.

The key is to turn this weakness into an asset, a “Human Firewall.”

A Human Firewall comprises an educated, proactive, security-minded staff that can identify potential threats, report suspicious activity, and be part of the cyber security solution. Training is a great first step!
