A recent study by Tripwire has found that more than half of all security professionals surveyed had noticed a rise in phishing attacks at their organisation in the past 12 months. Alarmingly, the survey also uncovered that these professionals believed that their company was ill-equipped to protect itself against these scams.
It comes as no surprise that the increase in phishing attacks is one of the most significant cyber security threats to organisations today. Therefore, it’s imperative to arm all staff and board members with the knowledge to identify these scams in order to protect our company data.
The following list outlines 6 common phishing attacks:
1. Deceptive Phishing
This is the most popular phishing scam used. It occurs when cyber criminals pretend to be a legitimate company with the aim of stealing an individual’s personal information. These emails often use threats to get what they want. Be wary of generic greetings or requests for information that the sender should already have. Errors in syntax and spelling are often a giveaway that you’ve been targeted in a deceptive phishing attack.
2. Spear Phishing
Spear phishing is a more personalised version of deceptive phishing. For example, criminals will customise their scam email with the recipient’s name, position, organisation or even phone number, in an attempt to hoodwink the target into believing that they have an established relationship. In much the same way as deceptive phishing, the aim of this scam is to trick the recipient into clicking on a malicious link, thus exposing their personal data.
3. CEO Fraud
In this scenario, the criminals will impersonate an executive’s email address and use it to request payments and transfers from others within the organisation.
This new type of phishing scam involves exploiting the internet’s Domain Name System (DNS), which converts website names to IP addresses. In this type of attack, the criminal targets a DNS server and alters the IP address in order to redirect victims to a malicious website, even if the victims entered the correct website name originally.
5. Dropbox Phishing
Some phishers customise their scam emails to mimic a company or service such as Dropbox. In this scenario, a victim is sent a realistic-looking email claiming to have come from Dropbox, requesting that the user click on a link which then installs malware onto their computer.
6. Google Docs Phishing
Just like Dropbox phishing, the criminals use the Google brand to lull victims into a false sense of security in order to harvest their personal details. A message is sent to a user to view a document on Google Docs, and whilst the landing page is on Google Drive, when the victim’s personal credentials are entered they go straight to the criminal.
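The pattern described above, a login page served from a trusted host whose form sends the credentials somewhere else, can be checked mechanically. The following is an added example, not part of the original article: it parses a saved page and reports any password form that posts to a host other than the one serving the page. The function names, URLs and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormScanner(HTMLParser):
    """Collect the action of every <form> that contains a password field."""

    def __init__(self):
        super().__init__()
        self.open_action = None        # action of the form being parsed, else None
        self.has_password = False
        self.credential_actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.open_action, self.has_password = attrs.get("action") or "", False
        elif tag == "input" and self.open_action is not None:
            self.has_password |= (attrs.get("type") or "").lower() == "password"

    def handle_endtag(self, tag):
        if tag == "form" and self.open_action is not None:
            if self.has_password:
                self.credential_actions.append(self.open_action)
            self.open_action = None


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def off_origin_credential_posts(page_url, html):
    """Return credential-form targets whose host differs from the page's host."""
    scanner = FormScanner()
    scanner.feed(html)
    # urljoin keeps empty or relative actions on the page's own origin.
    targets = [urljoin(page_url, a) for a in scanner.credential_actions]
    return [t for t in targets if host_of(t) != host_of(page_url)]


# Constructed sample: a hosted login page whose form posts to another host.
SAMPLE_URL = "https://drive.example.test/host/abc/index.html"
SAMPLE_HTML = """
<form action="https://collector.example.net/save.php" method="post">
  <input type="email" name="u"><input type="password" name="p">
</form>
<form action="/search"><input type="text" name="q"></form>
"""
```

A cross-host post is a signal for review rather than proof of phishing, since legitimate single sign-on pages also submit credentials to a different host.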