This is why it is important for all businesses to educate themselves and understand the potential threats that these phishing attacks can bring. The failure to recognize these tactics can mean life or death for your business.
Bypassing MFA
Multi-factor authentication is a really good strategy for protecting yourself against cyber criminals seeking to steal your logins. While MFA can be a really useful tool, that doesn't mean that it's 100% full proof. Unfortunately if you are not on your guard a simple phishing email is all it takes to completely render MFA useless. Often times hackers will send a phishing email impersonating some sort of familiar brand. These emails will typically contain a link that sends the user to a man-in-the-middle site that looks exactly like the real website. When users login or enter their MFA codes on the fake website the hackers are able to receive and use those login credentials on the legitimate website. While MFA is a practical tool that aids in keeping passwords safe it is still important that we as humans are wary of suspicious emails.
Dynamic Phishing Kits
Most of the time phishing emails are very basic and easily recognizable. They typically are very general in their requests or who its addressed to. Phishing kits are a lot more diverse and advance now. Phishing emails can now produce emails and websites on the spot that auto fill them with personalized branding and domain names. Phishing emails are much harder to spot when both the domain and website itself look like the real thing.
Tech Support Phone Calls
Most likely all of us have received one of these fake tech support calls before. They typically impersonate a bank, insurance company or even law enforcement to try and get you to give up personal information. With modern technologies voices can be easily deep-faked or faked in order to trick an individual into trusting them. You should always be suspicious of any call you receive from a number that is not your contacts, a majority of the time these calls are fake. During the COVID-19 pandemic it is important to be even more wary of fake callers.
Here is an example of what a COVID-19 related fake tech support call could look like:
"Hello, Mr/Mrs Smith we are calling from the Internal Revenue Service regarding the newest stimulus check. To receive your payment early we will require basic banking information. We have emailed you a form in which you can fill out the required SSN and banking account information."
It is incredibly important to understand that hackers have no shame in exploiting current events to get what they want. Be wary of any potential COVID-19 scams that may target you.
Make sure your employees are made aware of these more advanced phishing tactics as well as the other ways cyber criminals operate by keeping them up to date on Security Awareness Training!
Source: Knowbe4 (CorpInfoTech proudly partners with KnowBe4)
Corporate Information Technologies provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.
Don't Gamble With Your Security