In case you didn’t believe that phishing scams are a serious issue, know that, according to the FBI, business losses caused by email scams reached a staggering $12.5 billion in 2018 alone. According to Cofense, a provider of phishing protection, such attacks rose to 65% worldwide in 2017. Scary, right? There are certain measures that can be taken to make sure you don’t become a victim of these crimes, though. Understanding the different types of phishing and the most appropriate ways to defend yourself against them is step number one…
This type of phishing refers to an email-spoofing threat that targets a certain company or person with the intention of gaining access to personal information. The main objective of such an attack is to convince the victim to click through to a fraudulent website or open an email attachment, where they will then be asked to reveal their personal data.
The best protection against this type of scam for businesses is to perform regular employee security awareness training that covers details such as filling in personal or corporate details on social media. Another way to fight against these attacks is to invest in protection solutions that are able to scan incoming emails for known malicious links or email attachments.
By targeting a company’s CEO or other top executives, AKA the ‘whales’ that earn the biggest incomes, the phishing technique of whaling hopes to take advantage of the greater value of these targets. The objective of such an attack is to trick the user into giving out personal information, company data, or money.
To avoid these attacks, the best course of action is to set up a verification procedure for transferring funds, like an over-the-phone or face-to-face approval process. Also, be sure to teach your personnel to verify domain names when it comes to wire transfers. Another thing that can be done is to use email filtering protection for incoming emails that notifies the user of emails that are sent from certain domains.
Also termed ‘phishing without a lure’, pharming is a scamming technique that sets up malicious software on a PC or a server, leading the user to fraudulent websites without their knowledge or approval.
A widespread pharming method named domain name system (DNS) poisoning consists of modifying the domain name system table stored on a server. This way, users are directed to fraudulent websites when they want to access a legitimate one. After their personal information has been revealed to the fraudulent website, the attacker can eventually steal the user’s identity.
To avoid this kind of scam, you need to use a good antivirus program that is able to recognize fake websites, and avoid downloading programs or files from unknown or unauthorized sources. Also, ensure you always have your firewall set up and enabled on your PC.
Business Email Compromise (BEC)
These attacks rely on gaining access to a company’s email account and spoofing the owner’s identity to scam the company, its personnel, partners, or clients. Sometimes the criminal behind it just creates an email address that is very similar to the original one, with the objective usually being to convince the victim to send out money.
To defend yourself against this type of attack, among others, use encryption to protect messages by encoding the text inside them, and make sure that the recipient is legitimate. You should also enable the notifications within your email client that alert you when emails are received from senders whose addresses do not match previous contacts.
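The sender check described above, and the domain verification recommended for wire transfers, can be sketched as follows. This is an added example, not code from the article or from any email product; the contact list `KNOWN_DOMAINS`, the function names and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Constructed sample data: domains of contacts this mailbox already trusts.
KNOWN_DOMAINS = {"example-corp.com", "partner-bank.example"}


def edit_distance(a, b):
    """Levenshtein distance between two strings, using one rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Return the lowercase domain of a From header value, or '' if none."""
    _, addr = parseaddr(from_header)  # ignores the attacker-chosen display name
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def classify_sender(from_header, known=KNOWN_DOMAINS, max_dist=2):
    """Classify a sender as known, lookalike, new or unparseable.

    'lookalike' means the domain is not a known contact but is within
    max_dist single-character edits of one, which is the pattern a
    BEC sender uses when imitating a trusted address.
    """
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    if domain in known:
        return ("known", domain)
    # sorted() keeps the result deterministic when two domains tie.
    closest = min(sorted(known), key=lambda k: edit_distance(domain, k))
    if edit_distance(domain, closest) <= max_dist:
        return ("lookalike", closest)
    return ("new", None)


if __name__ == "__main__":
    for header in ("Alice <alice@Example-Corp.com>",
                   "CEO <ceo@examp1e-corp.com>",
                   "news@unrelated.org"):
        print(header, "->", classify_sender(header))
```

A `lookalike` result is the case that should trigger a warning banner or an out-of-band check before any payment is made; a `new` result only means the sender has not been seen before.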
Mind you, phishing is a constantly evolving threat, so if you are a business owner, make sure that you invest in the appropriate security solutions so that you and your company can be protected against this type of cyber attack.