A couple of months back we went over the different types of phishing events. I wanted to do a quick review of them and add a couple more types that are becoming more common (Vishing and Smishing).
“Phishing” is the most common type of cyber-attack that affects organizations like ours. Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details. As we deal heavily with this type of information, we all need to be well versed in recognizing this type of attack.
- Phishing: In this type of attack, hackers impersonate a real company (Microsoft, Apple, Google, etc.) to obtain your login credentials. You may receive an e-mail asking you to verify your account details with a link that takes you to an imposter login screen that delivers your information directly to the attackers.
- Spear Phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use your name and phone number and refer to The Leaders Group in the e-mail to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
- Whaling: Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real company executive. Sent from a fake domain that appears similar to ours, these messages look like normal emails from a high-level official of the company, typically the CEO, President, or CCO, and ask you for sensitive information or request that you complete a task, as they may be stuck in meetings.
- Shared Document Phishing: You may receive an e-mail that appears to come from file-sharing sites like Dropbox or Google Drive alerting you that a document has been shared with you. The link provided in these e-mails will take you to a fake login page that mimics the real login page and will steal your account credentials.
- Vishing: This is known as “Voice Phishing”. This is very similar to what we previously discussed, but most of the time the attacker will call you, act as a known company (Microsoft, Apple, Google, etc.), and start requesting personal information.
- Smishing: This is known as “SMS Text Phishing”. With more and more people using this form of communication now, a lot of attackers are using it to try to compromise personal information by sending you an SMS text message requesting that you either call a number or click a “spoofed” link to verify your login information, access financial or bank accounts, or reactivate a credit card.
What You Can Do
To avoid these phishing schemes, please observe the following email best practices:
- Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.
- Do not provide sensitive personal information (like usernames and passwords) over email.
- Watch for email senders that use suspicious or misleading domain names.
- Inspect URLs carefully to make sure they’re legitimate and not imposter sites.
- Do not try to open any shared document that you’re not expecting to receive.
- If you can’t tell whether an email is legitimate, please reach out to me and I will confirm whether or not it is okay to open.
- Do not respond to any SMS text message if you’re not sure who it is from.
- Do not answer or provide any personal information over the phone when you’re unaware of who the caller is.
Thanks again for helping to keep our network, people, and clients safe from these cyber threats.
Please let me know if you have any questions.
Contact Daylan for more information: