91% of data breaches are the direct result of phishing campaigns
This is why it is important for all businesses to educate themselves and understand the potential threats that these phishing attacks can bring. Failing to recognize these tactics can mean life or death for your business. Here are 3 advanced phishing tactics that are not often thought of, but that employees need to be aware of to help secure your company.
Compromised Trusted Third-Party Phishing
Most of the time, phishing emails or messages are pretty basic. They may include blatantly fake email addresses or come from a complete stranger, making them easy to distinguish as false. However, hackers are becoming much more sophisticated in crafting phishing emails. Cyber criminals may now hack into a trusted friend or family member’s personal email account or social media in order to send personalized phishing emails straight from a trusted source. Through access to a peer’s social media account, the hacker has access to all of that person’s contacts and is then able to identify important relationships that may be exploitable. It is important not to interact with any suspicious links sent from a friend, family member, or coworker. Even though the sender may be trustworthy, always double-check with the person to make sure neither of your accounts is at risk.
Most of us have probably come into contact with Open Authorization (OAuth) at some point on the internet. OAuth is what allows you to sign in to new websites or services using a login from a different application. For instance, if you go to create an account with Facebook, it may ask you to sign in through your Instagram, Gmail or other login. While this may seem like a convenient way to link multiple social media accounts, it may actually do more harm than good. If you’ve used OAuth multiple times, then your OAuth account and provider most likely have a list of all of your logins across multiple applications. All a cyber criminal needs to do to access all of your logins is send a personalized phishing email asking you to use open authorization, thus giving them a foothold into your supposedly secure accounts. It is these advanced phishing tactics that your employees must be aware of.
SMS phishing messages are becoming more and more common these days as hackers have learned to make them more personalized than ever before. Most phishing messages used to contain only very general requests or information that could apply to virtually anyone. However, because of how easy it is to gather one’s personal information, such as a name or phone number, via the dark web, phishing emails are becoming even more detailed. These days you may see messages with personal information such as your name or even place of work. It is still important to realize that just because they contain specific facts about you doesn’t mean that they are to be automatically trusted. Be wary of unusual requests or links that are sent to you, as they may be more sinister than they let on.
The most dangerous aspect of phishing is that 97% of your employees may not be able to identify a phishing email, leaving your business vulnerable.
Make sure that your employees are made aware of these advanced phishing tactics, as well as the many other ways cyber criminals operate, by keeping them up to date on Security Awareness Training!
Source: KnowBe4 (CIT proudly partners with KnowBe4)