Amongst many other things, this year has shown us that phishing attacks* are as rampant as ever, with many cybercriminals taking advantage of the chaos caused by COVID-19 to target individuals and businesses alike.
While phishing is not a new problem, it is an ever-evolving attack method that hackers are constantly adapting and honing to increase the success of their criminal campaigns.
And while email providers equip accounts with filters to identify phishing attempts early and ensure they never reach user inboxes – or at the very least come with a warning – these filtering systems must be constantly updated to meet the latest strategies employed by hackers.
Hackers running phishing scams work hard to enhance and improve their techniques, creating content capable of bypassing secure systems and mail filters.
With this in mind, we want to educate you on how to spot such tricks and avoid the damaging consequences that can potentially occur.
1. Spear phishing
Spear phishing is a type of phishing attack that is specifically aimed at a particular individual or business.
Examples might include an email sent to a company pretending to be one of its suppliers or a message to a staff member impersonating their employer’s accounts department.
Unlike standard phishing tactics (which throw out a wide net via hundreds of thousands of emails in the hopes of randomly catching victims), spear-phishing selects a target and undertakes research before attacking.
Publicly available information will typically be collected first, with a wealth of data on offer from social media accounts, online CVs, company websites, etc. This easily accessible information will then be combined with any other personal or private data the hacker has been able to acquire from previous phishing schemes.
The more information gathered, the better the hacker can impersonate an entity trusted by their chosen target. To add to their authenticity, spear-phishing emails often use spoofed email addresses so that messages appear to originate from a real address used by a trusted source.
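As an added illustration (not part of the original article), the Python sketch below shows how a defender might flag the spoofed-sender pattern described above by comparing the visible From address with the headers a receiving mail server records. Both messages, every domain, and the function names `domain` and `spoofing_indicators` are constructed for this example.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample messages (not real mail); all domains are placeholders.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dmarc=fail header.from=supplier.example.com
From: "Accounts Department" <accounts@supplier.example.com>
Reply-To: accounts@supplier-example.co
Subject: Updated bank details for invoice 1042

Please use the new account for this month's payment.
"""
LEGIT = """\
Return-Path: <accounts@supplier.example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=supplier.example.com; dmarc=pass header.from=supplier.example.com
From: "Accounts Department" <accounts@supplier.example.com>
Subject: Invoice 1042

Invoice attached.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2]. lower()

def spoofing_indicators(raw):
    """List the reasons a message's sender identity looks forged."""
    msg = message_from_string(raw)
    from_dom, reasons = domain(msg["From"]), []
    # Only trust an Authentication-Results header added by your own
    # receiving server; the DMARC verdict covers the visible From domain.
    m = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""))
    verdict = m.group(1).lower() if m else "missing"
    if verdict != "pass":
        reasons.append(f"dmarc={verdict}")
    # Replies silently routed to a different (often lookalike) domain.
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Envelope sender mismatch: a weak signal alone, since bulk senders differ too.
    rp_dom = domain(msg["Return-Path"])
    if rp_dom and rp_dom != from_dom:
        reasons.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    return reasons

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, spoofing_indicators(raw))
```

A message that trips several of these checks at once, as the constructed spoofed sample does, deserves verification through a separate channel before anyone acts on a payment or credential request.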
2. Whaling
Whaling is a term used to categorise an even more focused version of spear phishing, which targets high-level executives within an organisation. The content of these often email-based attacks is cleverly crafted to encourage those with upper management roles to activate malicious links or mistakenly transfer funds to criminals, believing them to be authentic clients or suppliers.
Legal issues, customer complaints and other matters requiring executive authorisation are used as templates in attacks.
Executives often make valuable targets for cybercriminals because, if fooled, they can give hackers greater access to enterprise systems when their credentials are stolen.
For further advice and information about how you can fully secure your data, contact our specialist team at Galaxkey.
Tel: +44 (0)333 150 6660
Email: sales@galaxkey.com
* Phishing attacks are defined as electronic communications that attempt to fool or persuade recipients into taking certain actions or sharing private information. They can arrive via various channels, from voice recording files and SMS messages to emails with harmful links and attachments.