The increasing number and complexity of spam and phishing scams observed by cyber risk assessment experts is becoming a critical issue for businesses. The number of attacks is growing each year.
Many organizations are not prepared to withstand an attack. Every company should explore the most efficient methods of detecting and withstanding the typical phishing varieties. This article highlights six typical phishing types: impersonation, targeted attack, whaling, DNS disruption, and hacking cloud accounts. It also outlines basic methods of securing your business against the most common phishing scenarios.
1. Impersonation
The most popular form of phishing is impersonation, also referred to as deceptive phishing. This is a scam in which the attacker impersonates a trusted individual or organization in order to gain unauthorized access to the victim’s identity or account. The phishers circulate a message that alarms the recipient, using compelling language to persuade the victim to take an action that serves the hacker’s goal. The phisher makes the deceptive message look as if it was sent by a trustworthy party.
For instance, PayPal fraudsters distribute a phishing message suggesting the recipient must browse to a website to fix their log-in data. In reality, the URL triggers a phony PayPal sign-in routine that hijacks the victim’s account, making it available to the hackers.
Users should double-check any links to ensure they refer to a legitimate webpage. It is also worth paying attention to non-specific greetings and any faulty language in incoming messages.
2. Targeted Attack
Also referred to as spear phishing, this is quite common and targets a selected victim. Targeted phishing uses personal attributes (place of employment, phone number, address, and so forth) to show that the message sender is familiar with the recipient. The aim is the same as with impersonation: luring the recipient into opening a misleading link or launching the Trojan in the attachment, so that their credentials are entered and sent to the hacker’s server. Another popular aim is encrypting all files and demanding a ransom to unlock them.
Spear phishing often uses social networks like Facebook or LinkedIn, where data is easily available to scammers.
To avoid this targeted fraud, businesses should provide regular classes on cyber protection for their staff. Such training should cover a range of issues, including awareness of the risks of disclosing restricted corporate and individual details on social networks. Organizations are also encouraged to explore software options for examining incoming emails in order to detect and block blacklisted URLs and attachments.
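The link check recommended for users above and the incoming-mail screening recommended here can be automated in the same pass. The following example is added here and is not code from the original article; the blocklist, risky-extension list and the sample message are constructed for illustration. It flags links whose visible text names a different domain than the real target (the PayPal lure pattern), hosts on a blocklist, and attachments with executable extensions.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed blocklists; a deployment would feed these from its own threat data.
BLOCKED_HOSTS = {"paypa1-secure.example", "dropbox-share.example"}
RISKY_EXTENSIONS = {".exe", ".js", ".scr", ".vbs", ".docm"}
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)

def scan_message(raw: str) -> list:
    """Return (finding, detail) pairs for a raw RFC 822 message string."""
    findings = []
    for part in message_from_string(raw).walk():
        filename = part.get_filename()
        if filename:
            ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
            if ext in RISKY_EXTENSIONS:
                findings.append(("risky_attachment", filename))
            continue
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        for href, text in ANCHOR_RE.findall(html):
            # urlparse().hostname is already lowercased; ignore a leading www.
            host = (urlparse(href).hostname or "").removeprefix("www.")
            if host in BLOCKED_HOSTS:
                findings.append(("blocked_url", href))
            # Visible link text that names a domain other than the real target
            shown = HOST_RE.search(re.sub(r"<[^>]+>", "", text))
            if host and shown and shown.group(1).lower().removeprefix("www.") != host:
                findings.append(("link_text_mismatch", f"{text.strip()} -> {host}"))
    return findings

# Constructed phishing sample modelled on the PayPal lure described above.
SAMPLE = """From: "PayPal" <service@paypa1-secure.example>
Subject: Please confirm your log-in data
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Dear customer, update your details at <a href="http://paypa1-secure.example/login">https://www.paypal.com/signin</a></p>
--b1
Content-Type: application/octet-stream; name="invoice.scr"
Content-Disposition: attachment; filename="invoice.scr"

binary-placeholder
--b1--
"""
```

Running `scan_message(SAMPLE)` yields three findings: the blocklisted host, the link text/target mismatch, and the `.scr` attachment.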
3. Whaling
Whaling is a variety of spear phishing aimed at CEOs and top managers. The scammers target the senior personnel (the ‘whales’), going after their sign-in data. Once the hackers succeed in stealing a whale’s credentials, they are free to launch CEO fraud. This is a stand-alone type of corporate account hijacking.
Whaling is possible because top managers tend to leave cyber security classes to the rank and file. Executives, just like other employees, should improve their cyber security skills by attending relevant training regularly. Businesses should also review their transaction rules and perhaps forbid any fund transfer authorized by email alone.
4. DNS Disruption
The internet community is getting wise to phishing. Therefore, phishers are gradually giving up on hijacking users’ accounts via misleading messages. Instead, they have introduced a scenario known as pharming or DNS disruption. A pharming attack tampers with domain name system (DNS) records.
DNS servers convert human-readable website names, such as www.google.co.uk, into IP addresses, which tell your browser where to connect. Pharming scammers attack a DNS server by corrupting (poisoning) the translation of a website’s displayed name into an IP address. Thus a hacker is able to send the victim to a misleading page even though the user entered the name of a safe website.
To avoid DNS poisoning, companies should instruct their staff to sign in only over HTTPS, so that a redirected connection fails the browser’s certificate check instead of silently succeeding. It is also essential to protect corporate networks, hubs and equipment with up-to-date security suites and to promptly apply reliable security patches.
5. Hacking Cloud Accounts
Many phishing attackers don’t try to harvest credentials with a direct email to the victim but instead attack through fake cloud sign-in scams.
Dropbox is a good case study. Many people use it daily to create backup copies of documents, access their data online and share it with other users. Hackers attempt to spam Dropbox subscribers with misleading emails. For instance, a recent phishing scam lured victims into logging in via a phony content-sharing page hosted on the genuine Dropbox service.
Phishers attack Google accounts just like they hack data on other online platforms. In particular, they target Google Docs. Google Drive is compatible with virtually any common data format, from images and text documents to full-featured webpages. The scammers cheat users with a website disguised as a Google sign-in page. The victims give their usernames and passwords to the phishers as they believe they are logging in to the real Google page.
A group of crooks implemented this scenario in the middle of 2015 using a phony Google sign-in page served with a valid certificate, so the browser reported the malicious connection as secure.
Companies should use two-step verification (2SV) to protect against fake cloud sign-in and similar attacks. Two-step verification is readily available for Dropbox and Google accounts, with the second check performed via a phone or a dedicated authenticator app.
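To show why 2SV blunts a fake sign-in page, here is an added example (not code from the article, Dropbox or Google) of a server-side login that requires both a password and a time-based one-time code of the kind an authenticator app generates (RFC 6238 TOTP). The account record, salt and password are constructed; the TOTP secret is the RFC 6238 test secret.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then dynamic truncation."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(secret, submitted, unix_time, last_counter=-1, window=1, step=30):
    """Return the matching time-step counter, or None. Adjacent steps tolerate clock
    drift; counters at or before last_counter are refused so a used code cannot be replayed."""
    base = unix_time // step
    for counter in range(base - window, base + window + 1):
        if counter <= last_counter:
            continue
        if hmac.compare_digest(totp(secret, counter * step, step), submitted):
            return counter
    return None

# Constructed demo account; a real system would keep this in a database.
SALT = b"constructed-salt"
ACCOUNTS = {
    "alice": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
        "totp_secret": b"12345678901234567890",  # RFC 6238 test secret
        "last_counter": -1,
    }
}

def login(user: str, password: str, code: str, unix_time: int) -> bool:
    """Both factors are required: a password captured by a phony sign-in page is
    useless without a fresh code from the victim's phone or authenticator app."""
    acct = ACCOUNTS.get(user)
    if acct is None:
        return False
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if not hmac.compare_digest(pw_hash, acct["pw_hash"]):
        return False
    counter = verify_totp(acct["totp_secret"], code, unix_time, acct["last_counter"])
    if counter is None:
        return False
    acct["last_counter"] = counter  # burn the code so it cannot be reused
    return True
```

With the RFC test secret, the six-digit code at Unix time 59 is 287082; a phished password submitted with no valid code, or with a code that was already used, is rejected.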
Companies can detect phishing attempts faster by following the guidance above. However, that does not guarantee that all attacks will fail, as phishing keeps developing, absorbing new approaches and methods.
It is therefore essential that businesses ensure their staff are aware of the threat of phishing. Ongoing IT training for staff can help them remain one step ahead of the hackers’ advances.