(509) 534-1530    Get SUPPORT
  • You are here:  
  • Blog
  • Sam Wood
  • Tip of the Week: 2 Free Browser Extensions to Help You Stay Focused

SCW Blog

SCW has been serving the Spokane Valley area since 1997, providing IT Support such as helpdesk support, computer support, and technical consulting to small and medium-sized businesses.
Categories
Tags
Categories:   All Categories
Suggested keywords
x

Phishing Can Have Multiple Attack Vectors

Phishing Can Have Multiple Attack Vectors

Phishing is a pressing issue for everyone, not just businesses. The main problem is that the phishing messages keep getting more and more sophisticated and keep coming and coming until, eventually, something negative happens. For this week’s tip, we wanted to discuss the different types of phishing you can encounter. 

Before we get started breaking down the types of phishing there are, let’s review what exactly phishing is. 

Phishing is a Social Engineering Attack

Phishing attacks target users rather than the underlying computing network. These days, with the security controls that many organizations pay good money for, it is even harder to access a computing network without legitimate credentials; and, because of this, it is easier (and more cost-effective) to target the end users. 

As a result, these hackers come up with a scam (or many scams, actually) that target people who may have access to a network that carries with it the sensitive information that most businesses have on file these days. Let’s take a look at some of the types of phishing scams.

Phishing Via Email

The phishing email makes up for over ninety percent of all phishing messages in total. Essentially, they are emails that come into an inbox seemingly through legitimate means and end up scamming the recipient to hand over their credentials. Here is some of the most prevalent information about email-based phishing attacks.

  • They Have Attachments - An unexpected attachment in an email can easily be used as a vehicle for malware and other attacks. These can be either individual documents, or in the form of a ZIP file.
  • They Contain Spoofed Links and Senders - Many phishing emails will appear to come from certain senders or websites, trying to take advantage of the inherent trust that these senders or websites have in the public. Paying close attention to these links and senders will help you catch these efforts.
  • They May Have Serious Misspellings and Grammatical Errors - Most professional communications are (or should be) proofread fairly extensively before being sent. Therefore, an email that presents a lot of these issues is somewhat likely to be a phishing scam.

Phishing Via Text Message

A form of phishing message that is sent via text message is called Smishing: The hallmarks of this type of scam include:

  • Messages from Numbers You Don’t Recognize - Messages that come from non-cell numbers can be a sign of a scammer using an email-to-text service.
  • Messages that are Completely Unsolicited - If a message purports to come from an organization and you didn’t prompt any communication with them, take it with a grain of salt and reach out to that organization through another means.
  • It Contains Personal Information - If there are personal details shared in the message itself, it could very well be a phishing scam, as scammers will try to add pressure on their victims.

Phishing Via Phone Call

Getting a phishing message over the phone is called Vishing. Typically the call will try to determine facts about you to which the hacker will use to gain access to your accounts. Here are a few variables to watch out for:

  • Too Good to Be True Offers - Phishers will often place phone calls promising rewards or perks that are unrealistically appealing.
  • Calls from Authorities - If you receive a call from some organization or higher authority, don’t be afraid to question its validity…particularly if they start pressuring you and/or are trying to scare you.
  • Excessive Personal Details - A lot of your information can be found online so if a caller has more information than they should, that’s a red flag.

Social Media Phishing

Nowadays, phishing attacks are carried out through social media as well. To avoid falling victim to these attacks, keep an eye out for:

  • More than One Account - Some phishers will find someone, make a copy of their profile, and start sending that person’s contacts invitations to connect. This is another time you should separately confirm that someone is who they claim to be.
  • Bogus Links - Social media platforms offer phishers a very convenient means to share out links to fraudulent websites, where personal details can be harvested from unwitting visitors.

We hope this little reminder helps. If you have any questions about phishing, or how to ensure that your employees are sufficiently trained to ward off potential phishing attacks, give the IT experts at SCW a call at (509) 534-1530 today.

Tags:
Security Hackers Phishing
4 Things You Can Do to Improve Security When You W...
Give Your Business a Second Chance with Data Backu...

About the author

Sam Wood

Sam Wood

Sam is a network engineer with a broad range of experience spanning more than 35 years. He wrote is first piece of code in 1979 and has been involved with the industry ever since. For the last 20 years, he has worked for SCW Consulting where he has embraced his passion for network technology and security.

Author's recent posts

More posts from author
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Friday, November 15 2024

Captcha Image

Blog Categories

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Blog Archive