Phishing Attacks Not Going Away Soon
As much as we wish for a cease and desist order, phishing attacks aren’t disappearing anytime soon. In fact, several experts are predicting that not only will phishing attacks continue this year, but threat actors are also likely to increase the number of phishing attempts, because phishing is a simple form of attack that yields high results.
One of the reasons they’re so profitable is, unfortunately, us. Human nature. Threaten to freeze our accounts and we stop thinking rationally. Offer a bit of flattery and we’re unlikely to perceive a threat. Threaten jail time, we panic. These are very real human vulnerabilities that threat actors prey upon to get us to abandon better judgment and click what they want us to click.
Is your organization prepared for such an attack? We’ll talk about the three most common types of phishing attacks that might hit your organization, three ways to make cybersecurity top of mind for your employees, and a tool that helps to prevent these kinds of attacks from crippling your business.
The 3 Most Common Types of Phishing Attacks You’re Likely to See
Wombat Security’s State of the Phish Report says that 76 percent of businesses were victims of a phishing attack in 2018. This statistic shows that phishing attacks are viable and profitable, making it highly unlikely they will disappear.
So, let’s look at the 3 most common types of phishing attacks that you’re likely to come across:
1. Deceptive phishing attacks. Have you ever received an email from a bank that claims your account has been frozen and will remain inaccessible to you unless you click on the link provided and enter your account information? This type of email is a perfect example of a deceptive phishing attack. It’s the most common type of phishing attack out there, and it occurs when the threat actor impersonates a legitimate company in an attempt to steal your personal information or your login credentials.
2. Spear phishing attacks. Customizing their emails with your name, company, position or other personal information, spear phishers lull you into thinking that you’ve had previous contact with them to lure you into clicking on a malicious link or email attachment. These emails will often appear to be part of your normal, day-to-day activities, and ask you to perform actions that don’t appear to be out of the ordinary. For instance, the threat actor might masquerade as your HR department and ask you to verify your benefits policy information. Seems innocuous enough, right? But as soon as you click that link, they have access to your personal data.
3. Malware-based phishing attacks. You work in accounts receivable. Someone, presumably one of your vendors, sends you an email asking you to download an invoice. As soon as you click that file, you’ve become a victim of malware-based phishing; malicious software embedded in that file exploits the security vulnerabilities of your machine when it is triggered. Malware is intentionally designed to do several things:
- To corrupt your machines to disrupt your operations.
- To steal specific information from your organization, whether that’s personal, financial or proprietary business information.
- To spy on your network (spyware).
- To lock you out of your computer system and force you to pay a ransom to get it back (ransomware).
- To take control of your computers for illicit purposes (which could also lead to blackmail or extortion).
End Users Are the First Line of Defense – Train Them!
A good way to protect your organization from phishing attacks such as the ones listed above is …