Phishing is a type of online scam where criminals impersonate legitimate organizations via email, text message, advertisement or other means in order to steal sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam. Learn why phishing still works, what makes us click, and how criminals are using COVID-19 scare tactics to trick you.

The term “phishing” is a spin on the word fishing, because criminals are dangling a fake “lure” (the legitimate-looking email, website or ad) hoping users will “bite” by providing the information the criminals have requested – such as credit card numbers, account numbers, passwords, usernames or other valuable information. But if you're like most people, you probably think you can identify a phishing attack before falling for one. Here's why you may be mistaken:

11 Types of Phishing Attacks

Since being first described in 1987, phishing has evolved into many highly specialized tactics. And as digital technologies progress, this attack continues to find new ways to exploit vulnerabilities. Below are 11 of the most pervasive types of phishing:

Standard Email Phishing – Arguably the most widely known form of phishing, this attack is an attempt to steal sensitive information via an email that appears to be from a legitimate organization. It is not a targeted attack and can be conducted en masse.
Malware Phishing – Utilizing the same techniques as email phishing, this attack encourages targets to click a link or download an attachment so malware can be installed on the device. It is currently the most pervasive form of phishing attack.

Spear Phishing – Where most phishing attacks cast a wide net, spear phishing is a highly targeted, well-researched attack generally focused on business executives, public personas and other lucrative targets.

Smishing – SMS-enabled phishing delivers malicious short links to smartphone users, often disguised as account notices, prize notifications and political messages.

Search Engine Phishing – In this type of attack, cyber criminals set up fraudulent websites designed to collect personal information and direct payments. These sites can show up in organic search results or as paid advertisements for popular search terms.

Vishing – Vishing, or voice phishing, involves a malicious caller purporting to be from tech support, a government agency or other organization and trying to extract personal information, such as banking or credit card information.

Pharming – Also known as DNS poisoning, pharming is a technically sophisticated form of phishing involving the internet’s domain name system (DNS). Pharming reroutes legitimate web traffic to a spoofed page without the user’s knowledge, often to steal valuable information.

Clone Phishing – In this type of attack, a shady actor compromises a person’s email account, makes changes to an existing email by swapping a legitimate link, attachment or other element with a malicious one, and sends it to the person’s contacts to spread the infection.

Man-in-the-Middle Attack – A man-in-the-middle attack involves an eavesdropper monitoring correspondence between two unsuspecting parties. These attacks are often carried out by creating phony public WiFi networks at coffee shops, shopping malls and other public locations. Once joined, the man in the middle can phish for info or push malware onto devices.

BEC (Business Email Compromise) – Business email compromise involves a phony email appearing to be from someone in or associated with the target’s company requesting urgent action, whether wiring money or purchasing gift cards. This tactic is estimated to have caused nearly half of all cybercrime-related business losses in 2019.

Malvertising – This type of phishing utilizes digital ad software to publish otherwise normal-looking ads with malicious code implanted within.

Phishing Examples: Can You Spot the Scam?

Make no mistake, these attacks can be quite clever. After all, these types of phishing exist because they work. Let’s take a deeper look at two of the more common attacks.

Anatomy of an Email Scam

Below is a fake Charles Schwab notice claiming the recipient has been locked out of his account and must update it to regain access. Here are some clues indicating this email is actually a scam:
Seeing any one of these flaws is enough to tell you the email is a phishing attempt – but what if these errors aren’t present? A smarter scammer could have corrected these mistakes, including knowing the recipient’s name and email address, and masking their URL in a much more convincing manner. If they had done a better job, there would have been nothing alarming in the message. But it would still be a fake.

Avoiding Phone Scams

Have you received any calls from ‘Windows Tech Support’ lately? The chances are high since this is one of the more common vishing attacks – a phone scam that reportedly made up nearly 30% of all mobile calls in 2018. As discussed above, vishing is an attempt to collect sensitive information over the phone. Attackers often pretend to be with tech support, your bank or a government agency to steal account information or even gain remote access to your computer. Follow these five best practices to avoid getting vished:
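The URL-masking clue from the email-scam anatomy above (link text that shows one address while the href goes somewhere else) can be checked mechanically before a message reaches a reader. The script below is an added example and not part of the original article: it parses a constructed HTML email body that uses only reserved placeholder domains and an IP from a documentation range, and flags anchors whose visible text names a different domain than the href host, as well as anchors whose href host is a bare IP address. The function names and the crude "last two labels" approximation of the registrable domain are assumptions of this example, not anything the article specifies.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body (placeholder domains, not real infrastructure).
# The first link shows one address but sends the reader to another, the second is
# honest, and the third points at a bare IP address instead of a hostname.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Your account has been locked. Please visit
<a href="http://login-verify.example.net/update">https://www.example.com/account</a>
to regain access.</p>
<p>Questions? See <a href="https://www.example.com/help">www.example.com/help</a>.</p>
<p><a href="http://203.0.113.7/update">Update now</a></p>
</body></html>
"""


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_anchors(html):
    parser = _AnchorCollector()
    parser.feed(html)
    return parser.anchors


# Visible link text that looks like a URL or bare domain: optional scheme, host, optional path.
_DOMAINISH = re.compile(r"^(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}(?:[/?#].*)?$", re.I)
_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def host_of(url):
    """Lower-cased hostname of a URL or bare domain, or None if it cannot be parsed."""
    if "://" not in url:
        url = "http://" + url
    return urlparse(url).hostname or None


def registrable(host):
    """Approximate the registrable domain as the last two labels.

    Assumption of this example: no public-suffix list is consulted, so suffixes
    such as 'co.uk' are not handled; a production check would use one.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def suspicious_links(html):
    """Return (href, text, reason) for each link showing a masking clue."""
    findings = []
    for href, text in extract_anchors(html):
        host = host_of(href)
        if host is None:
            continue
        if _IPV4.match(host):
            findings.append((href, text, "href host is a raw IP address"))
            continue
        if _DOMAINISH.match(text):
            shown = host_of(text)
            if shown and registrable(shown) != registrable(host):
                findings.append((href, text, f"link text shows {shown} but href goes to {host}"))
    return findings


if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL_HTML):
        print(f"{reason}: [{text}] -> {href}")
```

Note what this rule cannot see: a link whose visible text is plain words ("Update now") carries no domain to compare, so the mismatch check says nothing about it; only the raw-IP rule catches the third link here. That is exactly the gap the article describes when it says a smarter scammer could mask the URL more convincingly, which is why mail-gateway link rewriting and hover-to-inspect habits remain useful alongside checks like this one.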
Two Ways to All but Guarantee You Don’t Fall for Any Phishing Scam

Applying these two actions consistently will help protect you from online scams:
What to Do if You’ve Been Phished

If you find you are the victim of a phishing scam, change all of your passwords immediately. Since most people use the same password for multiple sites (we hope you don’t), cybercriminals could be in the process of gaining access to your other accounts on commonly used sites. According to Dashlane, Americans have 130 online accounts on average. This makes remembering strong, unique passwords unmanageable without writing them down or using a simple formula – both of which are risky. Instead of rolling the dice on your password security, consider using a password manager. They make it easy to store all your passwords and allow for encrypted auto-filling of login forms. In fact, top antivirus solutions also include integrated password management so you can protect your passwords and devices from one place.

What percentage of phishing attacks are behind successful cyber attacks?

Phishing attacks are responsible for more than 80% of reported security incidents. According to Cisco's 2021 Cybersecurity Threat Trends report, about 90% of data breaches occur due to phishing.
At which percentage of the cyber attacks and data breaches do you think the attackers enter the company using phishing?

This lack of awareness is a large contributing factor to the fact that phishing remains the threat type most likely to cause a data breach. In fact, according to Verizon's 2021 DBIR, around 25% of all data breaches involve phishing and 85% of data breaches involve a human element.