This is the most common and most effective form. Criminals send emails designed to look like legitimate communications, typically from a well-known business, with a sender address or link that closely mimics that business's real domain. The email either requests personal or login details, or asks the reader to click on a link that leads to a credential-harvesting page or a malware download. Phishing has some spin-off attacks. Spear phishing is a more personalised attack that mentions specific employee details, often particular to an employee's role within a company. Whaling is an attack aimed at top-level executives, again personalised to ensure maximum believability.
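The lookalike links described above (a brand's name in the wrong place, a digit standing in for a letter, a one-character typo, or non-ASCII characters that look like Latin ones) can be caught mechanically before a user ever sees them. The following is an added example, not code from the original post or from Novem: the trusted-brand list, the sample links and the confusable-character table are constructed for illustration, and the registrable-domain logic is a simplified stand-in for the Public Suffix List.

```python
"""Flag phishing-style lookalike links against a list of trusted brand domains.

Added example, not part of the original post. TRUSTED_DOMAINS, the sample
links and the confusable table are constructed; TWO_LABEL_SUFFIXES is a
simplified stand-in for the Public Suffix List.
"""
from urllib.parse import urlsplit

# Constructed: brands the organisation actually does business with.
TRUSTED_DOMAINS = {"paypal.com", "microsoft.com", "dropbox.com"}

# Simplified stand-in for the Public Suffix List (assumption: enough for the demo).
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.nz"}

# Digits and digraphs that pass for a letter at a glance (small, constructed sample).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def registrable_domain(host: str) -> str:
    """Return the part of the host a registrant actually controls (simplified)."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def fold_confusables(label: str) -> str:
    """Map lookalike digits/digraphs onto the letters they imitate."""
    for lookalike, real in CONFUSABLES:
        label = label.replace(lookalike, real)
    return label


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> tuple[str, str]:
    """Return (verdict, reason) for a link: trusted, lookalike, unknown or invalid."""
    host = urlsplit(url).hostname  # lower-cased by urlsplit
    if not host:
        return ("invalid", "no host in URL")
    # Any non-ASCII character in a host is suspicious: Cyrillic 'а' renders like Latin 'a'.
    if any(ord(c) > 127 for c in host):
        return ("lookalike", f"non-ASCII characters in host {host!r} (possible homoglyph)")
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return ("trusted", reg)
    brand_labels = sorted(d.split(".")[0] for d in TRUSTED_DOMAINS)
    # The brand name as a subdomain or inside another label: paypal.com.evil.example
    for brand in brand_labels:
        if brand in host:
            return ("lookalike", f"brand name '{brand}' inside untrusted domain {reg}")
    sld = reg.split(".")[0]
    folded = fold_confusables(sld)
    for brand in brand_labels:
        if folded == brand:
            return ("lookalike", f"{sld} folds to '{brand}' after confusable substitution")
        # Allow two edits for long brand names, one for short ones.
        if levenshtein(sld, brand) <= (1 if len(brand) < 8 else 2):
            return ("lookalike", f"{sld} is within edit distance of '{brand}' (typosquat)")
    return ("unknown", reg)


if __name__ == "__main__":
    # Constructed sample links of the kind found in phishing emails.
    samples = [
        "https://www.paypal.com/signin",
        "https://paypal.com.account-verify.example/login",
        "https://paypa1.com/update",
        "https://mircosoft.com/",
        "https://pаypal.com/",  # Cyrillic 'а' in place of Latin 'a'
        "https://example.org/",
    ]
    for link in samples:
        verdict, reason = classify(link)
        print(f"{verdict:9} {link}  ({reason})")
```

Run it against links extracted from an email body; anything that comes back `lookalike` deserves a block or a warning banner, and `unknown` is a prompt for a reputation lookup rather than a verdict. The confusable table and suffix list are deliberately small here; a production filter would use the Unicode confusables data and the real Public Suffix List.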
Smishing and vishing
Just like regular phishing, a criminal sends a legitimate-looking message asking for personal information or encouraging the reader to click on a harmful link. The only difference is the channel: it's carried out by phone. Smishing is carried out via text message, whilst vishing is a phone call. The call is often an automated message, but occasionally, for extra believability, it will be a criminal's real voice on the other end.
One of the newer forms of phishing, this involves creating a fake online presence, typically a fake website or fake social media account. With these set up, the goal is the same: convince visitors you're a legitimate entity and encourage them to click on a link that delivers malware or leads to a page that harvests their details.
Whilst the other forms of phishing mimic communications and online media, the evil twin method mimics infrastructure. A cyber-criminal sets up a Wi-Fi hotspot with the same name as a legitimate one (a café's or hotel's public network, for example) and waits for an unsuspecting user in need of some public Wi-Fi to connect. Because the criminal controls the network, they can watch the user's traffic, capture anything sent without encryption, and present a fake sign-in page to collect passwords. HTTPS and a VPN limit what can be intercepted, but neither stops a user from typing a password into a fake sign-in page.
A weak human firewall is why these types of phishing techniques still work so effectively
People are, by nature, trusting. Their default setting is to believe they're not a target. This is compounded by the fact that people are rushed; one absent-minded click on a busy day is all a cyber-criminal needs. Your employees need to be trained out of their default state of trusting anything that appears in their inbox, and trained so well that even on a busy day they can spot a phishing attack a mile off. They need to become a human firewall. Training cuts the number of bad clicks but never gets it to zero, so it has to sit alongside technical controls. This is why, along with things like a strong cyber security policy and ransomware protection, training makes up a core pillar of what's needed if you want to preserve your business.
Training also helps to promote an overall culture of good cyber security, where all employees are aware of cyber security weaknesses and can take good security into their own hands. In the next few blogs, we'll be going even deeper so that you and your team can learn more and help this culture to grow.
Whether you’re looking to take your first steps into improving your cyber security, or you just need to plug a few gaps, Novem’s team of experts is here to help.
Book a meeting with one of the team, at a time that works for you.