Avoiding 3 Common Phishing Attacks
Some of the most damaging and dangerous online crimes stem from phishing attacks. Just one mistake could dramatically change your business’s future.
These attacks have evolved into sophisticated schemes with severe consequences. Cyber attacks leave you exposed to stolen data, business interruptions, financial ruin, and a damaged reputation. It is imperative to educate employees on cyber security practices. Understanding the common types of phishing attacks can help you create cyber security strategies, mitigate your risks, and protect you and your business from a variety of modern-day threats.
Email Phishing
This is the most common type, occurring when a cyber criminal tricks victims into sharing sensitive data or login credentials. The criminal poses as a trusted organization or contact, like a bank or subscription service, and uses a very similar email address, usually containing the name of the organization. The fake domain may have a spelling error that is easy to overlook (such as using ‘r’ and ‘n’ next to each other so it will appear as ‘rn’ instead of ‘m’).
Take Protection: Always check the sender’s email address on any message that asks you to provide information, click a link, or download an attachment. Do not respond to an email that appears to be from a legitimate organization until you have called the organization (use the phone number on the organization’s website, not email) to confirm the email’s validity.
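The sender check described above can also be automated at the mail gateway or in a reporting tool. The following Python sketch is an added example, not part of the original article: the trusted domain list, the function names, and the sample addresses are all constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list: domains your organization really does business with.
TRUSTED = {"examplebank.com", "example-payments.com"}

# Character sequences that read like another letter at a glance.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def skeleton(domain):
    """Collapse look-alike sequences so visually similar domains compare equal."""
    d = domain.lower()
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d

def within_one_edit(a, b):
    """True if a and b differ by one inserted, deleted or substituted character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the differing character: in both strings for a substitution,
    # only in the longer string for an insertion.
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def check_sender(from_header):
    """Classify a From header as 'trusted', 'lookalike' or 'unknown'."""
    address = parseaddr(from_header)[1]
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in TRUSTED:
        return ("trusted", domain)
    for good in sorted(TRUSTED):
        # Either the domain reads the same as a trusted one ('rn' for 'm'),
        # or it is a single typo away from it.
        if skeleton(domain) == skeleton(good) or within_one_edit(domain, good):
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for sample in ["Example Bank <alerts@exarnplebank.com>",   # 'rn' posing as 'm'
                   "billing@examplebank.com",
                   "support@examp1ebank.com",                  # '1' posing as 'l'
                   "news@example.org"]:
        print(sample, "->", check_sender(sample))
```

A "lookalike" result is a reason to quarantine or warn, not proof of fraud; an "unknown" result only means the domain does not resemble anything on the list.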
Spear-phishing
More sophisticated than deceptive email phishing, these emails are sent to a specific person and use more customized information to convince victims to click on dangerous links or attachments. In these attacks, criminals already have personal information on victims including name, email address, employer, job title, and job description.
Take Protection: Educate staff regarding the dangers of exposing themselves and the organization by sharing personal or company information online.
Whaling
These targeted attacks use the same techniques as spear-phishing, but specifically take aim at senior executives. Knowing these individuals possess the company’s most sensitive data, cyber criminals attempt to gain access to their accounts and devices in order to obtain employees’ personal information or authorize fraudulent financial transfers.
Take Protection: Conduct cyber security training for all employees, including executives. Require multi-factor authentication on accounts and all financial and data transactions.
Educating employees is key to protecting your company against cyber crime. IBA Clients, you have access to free cyber security training and resources through Mineral (formerly ThinkHR). Even with security software, employees are often the last line of defense against attacks.
We are available to answer questions regarding cyber security, mitigating your company’s cyber risks, and cyber liability policies.
Please contact us for more information.