With phishing appearing regularly in the news, it’s important that you and your organisation understand the many different types and how to prevent them from occurring.
What is “Phishing”?
Phishing is a fraudulent act whose purpose is to steal personal information from an individual, a group of individuals or an organisation/company.
With the increasing amount of advanced technology comes an increasing number of data breaches and cyber-attacks. It’s important to understand how to identify phishing and how to prevent it from causing any damage.
This blog will look at three common types of Phishing:
- Deceptive Phishing
- Spear Phishing
- CEO Fraud
Deceptive phishing is an email attack where the imposter imitates a genuine company or organisation in an attempt to steal personal information.
The email will create a sense of urgency that worries the victim, who is then pressured into giving away their details.
An example of deceptive phishing is a bank scamming email which includes a link that the victim is instructed to click. This link leads the victim to a fake bank login page, where they give their personal information straight to the attacker.
How to prevent Deceptive Phishing
When receiving emails with traits that match a deceptive attack, you must:
- Look closely at the URL – do you recognise it or have you used it before? Does it look legit?
- Check for spelling, punctuation and grammar mistakes – Genuine professional emails rarely have any errors.
In Spear Phishing scams, the imposter personalises their attack email, using the target’s name, company, work number and other information.
The information used can be taken from the target’s social media pages, such as LinkedIn. This information is used to make the email more realistic.
Similar to deceptive phishing, a link or attachment is used to lure information from the victim.
How to prevent Spear Phishing
To prevent Spear Phishing, it’s advisable to:
- Not post any sensitive or personal information on your social media pages.
- Pay close attention to emails for URL links that look suspicious.
- Pay close attention to emails for spelling, grammar and punctuation mistakes.
CEO Fraud involves attackers using email addresses similar to that of an authority figure to request payments or data from others within the company.
The aim of CEO Fraud is to get the target to transfer a payment directly to the attacker.
How to prevent CEO Fraud
To prevent CEO Fraud, it’s important that:
- Organisations continuously make sure that employees undertake security awareness training.
- Organisations check that no employees can approve financial transactions over email.
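One way a mail filter could check for the lookalike sender addresses that CEO Fraud relies on, as an added example that is not part of the original post: it flags From: headers whose domain is a near-miss of the organisation's own, or that put an executive's name on an outside address. The domain `example.com`, the executive list and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumptions for this example (constructed, not from the original post):
ORG_DOMAIN = "example.com"                          # the organisation's real mail domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}   # display name -> genuine address

# Digits commonly swapped in to make one domain look like another.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise(domain: str) -> str:
    """Lower-case, fold digit look-alikes and the 'rn' for 'm' trick."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m")


def check_sender(from_header: str) -> list[str]:
    """Return the reasons a From: header looks like an impersonation attempt."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    reasons = []
    if domain != ORG_DOMAIN:
        # Near-miss of our own domain: same after folding, or a couple of edits away.
        if normalise(domain) == normalise(ORG_DOMAIN) or edit_distance(domain, ORG_DOMAIN) <= 2:
            reasons.append("lookalike-domain")
        # An executive's display name on an address that is not theirs.
        genuine = EXECUTIVES.get(" ".join(name.lower().split()))
        if genuine and addr != genuine:
            reasons.append("executive-name-external-address")
    return reasons


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ["Jane Doe <jane.doe@example.com>", "Jane Doe <jane.doe@examp1e.com>"]:
        print(header, "->", check_sender(header))
```

A flagged message is a candidate for quarantine or a warning banner; payment requests should still be confirmed outside email.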