You’ve probably heard of phishing attacks, but if not, the best way to explain it is with the legend of the Trojan horse. In ancient times, the city of Troy fell when a raiding party, hidden within the belly of a constructed wooden horse, was allowed past the gates. The lesson: deception is the most powerful weapon one can employ, and cybercriminals will use it against your business.
Understanding Phishing Attacks
Phishing relies on subterfuge and misrepresentation, taking advantage of the human element of your business’ defenses to bypass the security solutions you’ve put in place.
Phishing tends to be seen most often in email format, but cybercriminals have upped the ante by integrating new modes of attack, such as phone calls, text messages, and even social media. Regardless of the medium, though, you can count on phishing attacks to use the same tactics.
Trends in Phishing Attacks
A Sense of Urgency
An attacker is counting on your inability to think rationally during their attack. They want you to act now and think later. This is why they tend to be so pushy in their messaging, urging you to take action now. If you ever see this kind of fear-mongering language, be careful; it’s a clear sign that something is not right.
Generic Greetings
If you receive messages with generic greetings, chances are it’s not as legitimate as you might think at first glance. Businesses will have your contact info, so there’s no reason for them to be so generic, right? A scammer, on the other hand, will be more likely to use generic language, as they don’t have an existing relationship with you.
Unknown Senders
Another throwaway sign is that the sender of the message doesn’t match who they claim to be. If there’s any reason to doubt their authenticity (and sometimes even if there isn’t), you should check to see if the sender is who they claim to be by contacting them using an alternative method, if only to verify their legitimacy.
Suspicious Links
Spoofed messages will often have links that direct you to malicious or fraudulent websites, sometimes disguised as legitimate entities, for the purposes of harvesting your credentials. Use the “hover test,” where you hover your mouse over a link WITHOUT CLICKING IT to see if the message actually sends you where it claims to. If it does, great, but if it doesn’t, do not click it.
Unexpected Attachments
In a similar way, email attachments can disguise an attacker’s payload as an invoice, resume, or other common attachment. Your team shouldn’t be downloading any old attachment without first confirming the legitimacy of it through a secondary communication method.
Build Your Human Firewall
The key to staying safe is to emphasize training in your security strategy. Train your team to identify and respond to threats so they know how to act if they ever become a target. This keeps them from becoming an unexpected vulnerability in an otherwise sound infrastructure. To learn more about how to make this happen at your business, contact us today at (404) 800-7946.
