Phishing is a practice where an attacker attempts to gain access to a private network by sending a malicious email that is made to look normal to a user. Usually, the attacker is attempting to obtain a user’s personal credentials, information and sensitive data through these phishing attacks. Phishing has remained one of the most prominent forms of cyberattack since the first report of a phishing attack in 1995.
What are some examples of phishing attacks?
While cybercriminals use a variety of tactics to carry out a phishing attack, three types tend to be more prevalent than others: email phishing, social media phishing, and infected attachment phishing.
1. Email Phishing. An email phishing attack occurs when an attacker sends a fraudulent email to someone’s account in the hope of penetrating the user’s cyber defenses. These emails usually contain a link to a credential-stealing website or a fake phone number, in the hope of getting the victim to call the line and reveal their credentials to the operator.
2. Social Media Phishing. Phishing attacks don’t stop at emails. As social media rose in popularity over the past decade, it became another platform for phishing cybercriminals to use. Social media phishing attacks usually involve attackers researching the social media profiles of potential victims to obtain information and plan a future attack. Social media phishing attackers will also hack a social media profile and then send messages to the connections of that profile. Often, these messages contain malware-embedded files or fraudulent links.
3. Infected Attachment Phishing. Just as cybercriminals attempt phishing attacks by sending emails containing fraudulent links, they also send emails that contain fraudulent and sinister attachments. The attachment may contain a virus that, once opened, can bypass your network security and steal your information and credentials.
How do you detect phishing attacks?
Despite many cybercriminals increasing the sophistication of their attacks throughout the years, there are still some tell-tale signs that can reveal a phishing attack.
1. Inconsistent Email Addresses. If you receive a questionable email, check the actual email address that it came from. Often, you will find that despite the subject line and email looking official, the email came from a spammy address.
2. Inconsistent Links and Domain Names. For example, if an email message claims to come from PayPal, but the link lacks paypal.com in the address, chances are someone is phishing.
3. The Email Is Asking You To Send Credentials or Banking Information. If you receive an email requesting that you send credentials or banking information, chances are that it is a phishing attack. Usually, companies will not ask for sensitive information to be sent over email. For example, if an email appears to come from your bank and asks for your banking information, ignore it and call the bank’s official contact number. Make sure you are calling the number listed on the official site, not the number in the potential phishing email.
4. The Logos and Branding Information Are Incorrect. If the logo of the “company” emailing you is inconsistent or incorrect, it is likely a phishing attack.
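The address and link checks from signs 1 and 2, as an added example that is not part of the original article: it accepts a host only when it is the expected domain or a subdomain of it, so a hostname that merely contains "paypal.com" somewhere is still flagged. The sample message, the example.net host and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real email); example.net stands in for a lookalike host.
SAMPLE = """\
From: "PayPal Support" <service@paypal.com.account-check.example.net>
Subject: Action required
Content-Type: text/html

<p>Please <a href="http://paypal.com.account-check.example.net/login">sign in at paypal.com</a>.</p>
<p><a href="https://www.paypal.com/help">Help</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def belongs_to(host, brand_domain):
    """True only if host is the brand domain or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def check_message(raw, brand_domain):
    """Return a list of findings for a message claiming to be from brand_domain."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))  # ignore the display name, keep the real address
    sender_host = addr.rpartition("@")[2]
    if not belongs_to(sender_host, brand_domain):
        findings.append(f"sender domain {sender_host!r} is not {brand_domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for link in collector.links:
        host = urlsplit(link).hostname
        if not belongs_to(host, brand_domain):
            findings.append(f"link host {host!r} is not {brand_domain}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE, "paypal.com"):
        print("SUSPICIOUS:", finding)
```

The check compares the address inside the angle brackets and each link's real destination, not the display name or the visible link text, which the sender controls.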
How can you prevent phishing attacks?
1. Set up Multi-Factor Authentication
2. Do not click on email links from unknown sources
3. Ensure you have security software installed
4. Be wary of pop-ups
How TSI Can Help Protect Against Phishing Attacks
TSI offers proactive tools to combat phishing attacks by providing real-world phishing simulations to test your staff and identify areas for improvement. However, the most important service we provide to prevent future phishing outbreaks is education. We complement our security tools by providing employee training to minimize the opportunities for a successful attack or breach. To learn more about how our phishing simulation security tests and educational training can benefit your organization, contact us today!