14 February 2022
Phishing attacks are on the increase, so it is important to be vigilant to protect yourself from potential online attacks. Phishing is the practice of sending fraudulent communications that appear to come from a reputable source. These attacks are usually carried out by email but can sometimes happen via text message. The attacker’s goal is to steal sensitive data like login information and credit card details, or to install malware on your device.
There are many different types of phishing. Below we have touched on some of the most common to look out for.
Deceptive phishing is one of the most common types of attacks. The attacker attempts to obtain your confidential information, which they use to steal money. For example, this could be a fake email from your bank requesting that you verify your account details, which the attacker can then steal. It could also be a fake invoice that they want your business to pay, or a message claiming that you’re eligible for a tax refund. Scammers launch thousands of phishing attacks like these every day and they’re often successful.
Spear phishing targets specific individuals instead of a group of people. Attackers often do research into their victims so they can appear more authentic when communicating. This kind of attack is often the first step used to penetrate a business’ defences.
Office 365 phishing attempts to gain access to your Office 365 email by sending you a fake email from Microsoft with a clickable link. The email would prompt you to log into your account to reset your password, giving a reason such as a security breach on your account.
Whaling is when the attackers go after a key or high-profile individual, like the owner of a company. Attackers spend a lot of time profiling the target to try and steal login information. They do this as executives have access to a larger amount of company information.
How can I protect myself from attacks?
One of the best ways to protect your business is to educate your employees on how to recognise a phishing email and what to do when they do receive one. Simulation exercises are also useful in assessing how your employees react to a staged phishing attack. You may also want to consider:
If you suspect you have encountered a phishing attack, ask yourself whether you have an account with this company or know the individual who has sent the message. If you do, you should first contact them via an email address or phone number you know is real to confirm with them directly. Opening attachments that you suspect are not legitimate could leave you open to a harmful malware attack. It is always best to be safe.
If you would like information on keeping your own website secure, then please get in touch with us via our contact page.