Receiving Phish-y Emails?
Updated: Jun 24, 2019
As the internet evolves at an accelerated pace, it's necessary for companies to prioritize security to protect their assets from vulnerabilities. You may have heard about the increasing techniques and risks for nefarious individuals to exploit these vulnerabilities in the form of phishing attacks.
So, what are Phishing Attacks?
This is general term for various techniques used to trick individuals into revealing or providing the means to access their confidential information to cyber-criminals. These come in many forms (text & phone call included), but the main one we see everyday at Wappo is Email Phishing.
Who is affected?
Everyone who uses electronic communication is vulnerable to being phished.
There are three types of phishing targets:
Mass-Scale Phishing: Attacks directed at a wide audience.
Spear Phishing: Attacks tailored at a specific individual or group using personal details.
Whaling: Specialized type of spear phishing directed at executives within a company.
When, where, and how are these attacks carried out?
Phishing can happen anywhere at any time, so it’s important to look for common fraud methods.
Your most common type of phishing attack comes in the form of an email that looks like a legitimate source/sender, but upon careful inspection, there are misleading parts of the email.
Check for spelling and grammatical errors, threatening language, and "spoofed" email / names.
Example(s): “Your account has expired please click on this link” or “We have control of your webcam, pay us bitcoin”. Spoofed emails look like they are coming from an employee at your company, however the email address was used without actual access to their account.
Why do these attacks happen?
These attacks happen due to individuals wanting to acquire personal information for monetary gain.
It is important to remember that while these attacks cannot be 100% deflected, with education and awareness you can mitigate you and your teams’ risk.
If you are receiving a large amount of these emails within your company or would like to educate your team further on cyber security topics, please contact Wappo Information Services.