So you want to protect your personal emails and your company's emails from malicious hackers who unleash phishing attacks.. Great, but what exactly is a phishing attack? A phishing attack is a socially engineered attack leveraged to attempt to steal your personal information. Think along the lines of your passwords, social media accounts, or credit card numbers. Phishing emails are by far the most popular method of hackers to attempt to steal your information BUT attacks can also occur through text messages, social media, and even by phone calls. The main goal of a phishing attack is to get you to click on a link or attachment which contains malware (viruses). Sometimes, hackers use slick "hussle" techniques to get people to divulge information. Like a "fake" call for the IT department, or HR requesting your social security number. Hackers are very smart and often craft emails to look real, and often create fake websites to redirect you to which look VERY similar to the actual website. These are typically a way to get you to "login", with the fake site, revealing your password to the phishing scam. Scary isn't it? A phishing attack can hit an organisation of any size and any type. No one business is immune. Attacks can be random or targeted and sophisticated, a phishing attack is certainly something to take seriously. So what types of phishing attacks should you and your company lookout for?
Types of Phishing Emails
There are a few different kinds of phishing emails and hackers are getting better and better every year! This means you need to be aware of the risks and educate your staff on what to look out for and how to be careful during their online workdays.
1 Email Fishing
This is the standard for an email phishing attack.
Can you believe that it's guessed to be nearly three billion or more phishing messages sent every single day.
A lot of these phishing attacks are sent in massive campaigns targeting thousands of unsuspecting recipients.
The following is an example of an email phishing attack.
This email looks like a legitimate message straight from Fedex! But it is most certainly not and if you click on the link it leads to a malicious website with viruses on it. Here is another example.
In this phishing attack, the recipient gets an email saying they've received some money! Exciting right?
Except it's fake of course and if you actually click and download the pdf it installs malware on your computer.
Oops.
Email phishing attacks occur in many forms and luckily there is indeed a way to protect yourself which we will get into a bit later. First though...
2 Spear Fishing + Whaling
Another type of phishing attack is "spear phishing" which is a more targeted, sophisticated approach. Hackers try and trick their victims by using specific company information that they shouldn't really know in order to make what they are asking for even more believable. They could share information like: Phone Numbers Signatures Staff Names Addresses all in order to make the case they are presenting as believable as possible. The malicious hackers will spend time collecting this information from other sources and places like the dark web in order to use it in spear phishing attacks.
A whaling attack takes the spear phishing to a whole other level and targets high level staff within a company. The main method of these whaling attacks is to pretend to be a CEO or high level executive and use that rank to pressure staff members into handing over sentiviate data. So for example a hacker would use someone like Elon Musk to imprersonate and attempt to get Tesla employees to hand over valuable data. The goal of whaling attacks is often to try and collect tax information, financial documents, or even wire transfers.
1. Train your Staff to Identify Phishing Emails
The first step in learning how to stop phishing emails is to raise awareness. You, and your staff, have to be as cautious online, just as as you would in real life! It's easy to let your guard down and forget that there are risks to browsing the internet and using email providers. It's good to have a general awareness of what a phishing email looks like and to be aware before moving on to the most important step.
Email training can help drastically reduce the number of fraudulent emails opened, and work to consistently reduce exposure to email-based threats.
2. Turn on 2FA Two Factor Authentication
As mentioned in a prior blog post 2FA provides an extra layer of protection. In case your email/password login details get comprised, 2FA prevents that information from being used to access systems without you knowing!
Two Factor Authentication is the first layer of security and is a good first step towards protecting your email systems.
3. Use a protective service like MailTOKEN
MailTOKEN is easy to use security set up to prevent phishing attacks on critical communication system users' accounts. The uniquely clever product takes advantage of the behavior of email system authentication protocols to allow a biometric challenge to occur mid-stream.
The system is proven to nearly eliminate one of the most pervasive cybersecurity threats today. The patent pending software is compatible with our desktop Réunion client and with many clients in use today for standards based email communications.
There are possibilities for OEM and Military Message Handing system integrations.
Contact us to discuss how Mail TOKEN can work with your critical communication system.
Comments