Did you know 76% of businesses reported being a victim of phishing attacks in the last year?
With phishing on the rise, businesses need to be aware of the various attacks in circulation and how to be prepared if they fall victim of the different challenges of phishing. For this week’s blog series we will discuss the following types of phishing attacks and how to prevent it: Pop-Up Messages, Email Spoofing, and URL phishing.
Pop-Up Messages, or In-Session Phishing, is THE easiest way to run a successful phishing campaign. Attackers will send pop-up messages to your computer to click on just to redirect you to a fake website in order to steal login credentials. Once login credentials are identified, the hacker is able to steal any information found on the sites they now have logins for. Pop-up messages can be extremely misleading and detrimental to your company or clients. It is important to know how to prevent a pop-up message for it not to become harmful and do extreme damage. Your company and clients should become aware of pop-ups and recognize what is safe to click on and what is not. The ONLY prevention known, as of now, for in-session phishing are pop-up blockers. These blockers are available in browser extensions and settings on different app stores.
68% of small businesses record and file customers’ email addresses unsafely
Email Spoofing, or Name Impersonation is another phishing attack mentioned. It is the creation of email messages with a forged sender address. Email Spoofing can be done in different ways which include:
- Sending an email impersonating your superiors/asking for some important data, or worse,
- Impersonating the identity of an organization and asking employees to share internal data
- Sending an email through a familiar username,
97% of Your Employees May Not be Able to Identify a Phishing Email
To prevent email spoofing, carefully read the sender’s email address. If you are not sure about the characters in an email address, then copy and paste it somewhere to check for the use of numeric or special characters.
URL Phishing Attack
A URL Phishing Attack occurs when scammers use a phishing page’s URL to infect the target, whether it be a business or an individual. As mentioned in the first blog, URL Phishing Attacks have the potential to contain links you could possibly click on, only to send you to a bad website. This type of phishing attack always seems to have the highest opening rate due to the extremely social world we live in today. People are known to be much more social via online and trust a great deal of other online users. They are ready to accept friend requests and messages, such as DM links, email notifications, etc; they are even ready to share their email and contact information.
URL Phishing Attacks can be done in these different ways:
- Hidden links– “CLICK HERE” or “DOWNLOAD NOW” or “SUBSCRIBE”
- Tiny URL– shortening the URL to make it look authentic
- Misspelled URL– hackers buy domains that sound similar to popular websites to phish users by creating an identical website; they ask targets to log in by submitting personal information
- Homograph attack– the usage of similar-looking words (characters or combinations) that can be easily misread. (Example:‘arnazon.com’)
To prevent URL Phishing Attacks hover your cursor over the attached link and the full link will appear. If the link is different or seems phishy- DO NOT click on it! In the case of a mobile device, press and hold over the link, and the attached link will appear as a pop-up window with actionable options.
56% of IT organizations recognize phishing as the biggest threat to their cybersecurity
You may think of cyber security as something designed for big organizations, but guess what- Your digital life is big, and it’s only getting bigger.
While phishing continues to be the top threat vector for cyberattacks, Corporate Information Technologies is here to help. CIT services can prevent phishing attacks from reoccurring.
Learn more about phishing in our “Phishing for awareness” series:
- PFA: Pop-up messages, email spoofing & URL Phishing Attacks
- PFA: Business Email Compromise Schemes and Website Spoofing
- PFA: Impersonation and Social Media
- PFA: Spear Phishing & Subdomain Attacks
- PFA: Malware Injection & Image Phishing
- PFA: Clone, Man-in-the-Middle & Search Engine Phishing Attacks
- PFA: Advanced Phishing Tactics
- PFA: 3 More Advanced Phishing Tactics
Corporate Information Technologies provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.
Contact us to learn more. Don’t Gamble With Your Security