Because phishing is simple and has a high rate of success, it has become pervasive among low-level criminals and high-tech hackers alike. Overall, experts estimate that phishing and ransomware attacks generate over $1 billion annually from direct ransom payments and corporate loss.
In fact, Facebook and Google were recently the victims of a phishing scam resulting in $100 million in losses. Staff members at both companies were tricked into sending money to a hacker impersonating an electronics company. The attack continued over a span of two years before the scammer was caught.
If tech-savvy people, like those at Facebook and Google, can become victims of phishing, what do you think are the odds of your staff falling victim? Education is the first step.
What is Phishing?
Phishing is the act of sending out malicious emails with the intent to take personal information, business secrets, or financial data under false pretenses. This email can ask a professional to supply the sender with sensitive information like login credentials or social security numbers, to click on a corrupt link, to visit an infected website, or to perform an external action that goes against normal protocols.
Examples of Phishing Attacks
Phishing attacks can take many forms, including:
1. Email Phishing
Attackers send emails pretending to be from trusted organizations like banks or government agencies, urging recipients to click on malicious links. For example, an attacker might impersonate a bank, asking you to verify your account details through a fraudulent link.
2. Spear Phishing
A more targeted attack in which hackers customize emails to a specific individual or organization, often using personal information to appear more convincing. An example would be an email seemingly from your CEO requesting an urgent wire transfer.
3. Whaling
A type of phishing that targets high-profile individuals such as executives and decision-makers within a company. For instance, a scammer might pose as a legal advisor requesting sensitive company documents.
4. Smishing and Vishing
Phishing attempts via SMS (smishing) or phone calls (vishing), where scammers impersonate banks, tech support, or other trusted entities. You might receive a text claiming your bank account is locked, urging you to call a number.
5. Clone Phishing
Attackers duplicate a legitimate email but replace attachments or links with malicious ones. An example includes receiving an invoice email identical to a previous legitimate one, but with a malware-infected attachment.
What can Phishing do?
The negative consequences of a phishing attack are serious, can carry on for years following an attack, and can initiate a depressing ripple effect.
Of course, you stand to lose money, whether through paying a ransom to get your data back, transferring money per the hacker’s instructions, or corporate losses from reduced productivity while overcoming an attack.
You also stand to lose your hard-earned reputation, as well as your long-term livelihood. Sixty percent of small businesses that suffer a cyber-attack, like phishing, are out of business within six months, if they ever open their doors again at all.
Where is Phishing headed?
Phishing is no longer limited to the inbox or impressive cyber-criminals. In fact, it never has been.
A successful phishing campaign can be played out in person, over the phone, or through an online advertisement by any petty criminal who wants to give it a go. All that’s required is a heavy dose of social engineering and maybe even some acting skills. To do this, a person preys upon human weaknesses by employing a variety of tactics. Here are a few possibilities:
- Offering something for something – Here’s a shiny, new pen. Now, what’s your password? This may seem like it won’t work, but it does.
- Showcasing a deal that’s too good to be true – Click here for your free trial of Photoshop! Works all the time. Ever heard of the Trojan horse?
- Acting like a concerned third party – I’m calling from ABC Internet Company, and we noticed you’re experiencing some technical difficulties. Could we have your login credentials to run a few tests? Seems legitimate enough.
- Pretending to be an authority figure and/or causing a scene – Your boss is going to have to answer to me if you don’t let me in his office right now! What receptionist would say no to that? Not very many.
These are just a few of the potential situations where social engineering goes beyond the typical phishing email and enters into the real world. Much like a phishing email, these situations can be difficult to spot, and if given enough detail and planning, they can be near impossible to effectively avoid.
How do you protect yourself from Phishing?
Your greatest defense against phishing emails and social engineering, in general, is your suspicion. You should always remain 100% suspicious of every request for information, money, and data that you receive – even if it comes from your CEO. Here are a few tips to help you and your fellow team members protect your business and yourselves from everyday phishing scams:
- Create strong internal processes that encourage requests to be double-checked and sometimes triple-checked.
- Review all contents of the email to ensure that the proper grammar, contact information, and email address are used.
- Consider the request carefully and don’t always respond immediately. Ask yourself why someone would need this information, whether this is typically how things are handled, and whether the request is coming from and going to the appropriate source.
- Use strong anti-phishing software that protects your inbox and your internet browsing.
- Regularly train and educate your staff members on how to effectively detect and avoid phishing emails (we offer User Awareness Training and can handle the education aspect).
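The address and link review described in the tips above can also be automated for messages that staff report. The following Python is an added example, not code from the original article; `KNOWN_SENDERS`, `review_email`, the finding names, and the sample message are all constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_SENDERS = {"jane doe": "jane.doe@example.com"}  # assumed trusted names

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review_email(raw):
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    _, reply = parseaddr(str(msg["Reply-To"] or ""))
    findings = []
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append("display-name-mismatch")  # trusted name, wrong address
    if reply and reply.rpartition("@")[2].lower() != addr.rpartition("@")[2].lower():
        findings.append("reply-to-mismatch")  # replies leave the sender's domain
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        if " " not in text and "." in text:  # visible text looks like an address
            shown = urlparse(text if "://" in text else "//" + text).hostname
            target = urlparse(href).hostname
            if shown and target and shown != target:
                findings.append("link-mismatch")  # text and destination differ
    return findings

SAMPLE = (  # constructed message, not a real email
    "From: Jane Doe <jane.doe@mail-example.test>\n"
    "Reply-To: accounts@payments-example.test\n"
    "Content-Type: text/html\n\n"
    '<a href="http://portal.example.com.pay-example.test/">portal.example.com</a>'
)
```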
Networks Unlimited is Here to Help You
As a company specializing in online network security and email applications, we understand the inner workings of phishing. If you have any questions on how to better prepare your business to fight off a phishing attack, contact us. We would be happy to discuss the security of your online data!