Many organizations have reported an increase in phishing attacks. However, most companies don’t feel prepared to face such attacks and protect themselves, and they are not confident that they can spot the phishing scams running on the internet today. Listed below are six phishing scams, along with tips you can use to protect yourself against each of them.
- Deceptive Phishing
This is a common type of phishing fraud wherein the fraudster impersonates a legitimate firm and attempts to steal the personal information or login credentials of individuals. Through emails they will issue threats and create a sense of urgency that usually scares the users into accepting the attacker’s request.
For instance, PayPal fraudsters may send out an email that instructs you to click on a link that will help you in rectifying a discrepancy in your account. In actuality, the link directly leads you to a fake PayPal login page that collects your login credentials and sends them to the attackers.
A phishing attempt is more likely to deceive people if the email resembles the legitimate organization’s official correspondence. That is why it is essential that you inspect all URLs thoroughly to check whether they redirect you to an unknown website. You should also keep an eye out for generic greetings, spelling errors and grammar mistakes spread throughout the mail.
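The URL inspection described above can be partly automated. The following is an added example, not part of the original article: it compares each link's visible text with its real destination in an HTML email body. The sample message, its domains and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE_HTML = (  # constructed sample body; every domain and address is a placeholder
    '<a href="http://secure.example.test.verify.example/login">'
    "https://secure.example.test/login</a>"
    '<a href="https://secure.example.test/help">Help centre</a>'
    '<a href="http://203.0.113.7/update">Update your details</a>'
)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # lower-cased hostname, '' if the URL has none
    return (urlsplit(url).hostname or "").lower()

def audit_links(html):
    """Map each suspicious href to the list of reasons it was flagged."""
    parser = LinkCollector()
    parser.feed(html)
    findings = {}
    for href, text in parser.links:
        host = host_of(href)
        shown = re.search(r"https?://\S+", text)  # visible text that is itself a URL
        checks = {
            "not-https": urlsplit(href).scheme != "https",
            "ipv4-literal-host": bool(re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host)),
            "text-host-mismatch": bool(shown) and host_of(shown.group(0)) != host,
        }
        if any(checks.values()):
            findings[href] = [name for name, hit in checks.items() if hit]
    return findings

if __name__ == "__main__":
    for href, reasons in audit_links(SAMPLE_HTML).items():
        print(href, reasons)
```

A host comparison like this will not flag a fake login page hosted on the legitimate service itself, which is the situation in the Dropbox and Google Docs cases later in this article.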
- Spear Phishing
Some phishing scams use heavy customization to look more convincing. In this type of phishing fraud, the attacker uses the target’s company, name, position, work contact number and other information to personalize their emails in an attempt to con the target into believing that they are acquainted with the sender.
The aim of this phishing is the same as that of the deceptive kind, i.e. to lure the victim into clicking the link or opening the email attachment so that the attackers can get their hands on the victim’s personal information. Social networking sites such as LinkedIn are a common ground for spear phishing attackers, as they can use multiple sources of data to create a targeted attack email.
Organizations should protect themselves against these phishing websites by conducting an on-going employee awareness training program that will discourage users from publishing corporate or sensitive information on social media.
Firms should also invest in solutions that will analyse emails for unknown email attachments or malicious links.
- CEO Fraud
Spear phishers are known to target anyone in the firm, even top executives. These fraudsters attempt to con an executive and steal their login credentials.
If they are successful in their attack, they will then commit CEO fraud, in which they impersonate the executive and exploit their email to authorize fraudulent wire transfers. This is the second phase of BEC (business email compromise), where they transfer funds to any financial institution of their choice.
If you want to counter these threats to your organization, it is essential that all company personnel, including executives, undergo security awareness training. You should revise your organization’s financial policies so that authorization of financial transactions can’t occur via email.
- Pharming
Nowadays, users are becoming wise to traditional phishing scams, due to which several fraudsters are forsaking the idea of baiting their victims. Instead they have resorted to pharming. Pharming is an attack that stems from Domain Name System (DNS) cache poisoning.
Under this attack, the pharmer will target a DNS server and change the IP address associated with an alphabetical site name. This means the attacker is able to redirect users to a malicious website of their choice even when the victim has entered the correct website name.
To be safe from these attacks, companies should encourage their employees to enter their login credentials only on secured sites with HTTPS. Organizations should install anti-virus software on all devices and install database updates. They should also implement the security upgrades issued by a reliable Internet Service Provider (ISP) regularly.
- Dropbox Phishing
Some phishers have stopped baiting their victims, while others have customized their attack emails according to the individual service or company. For instance, Dropbox is used by millions of people every day to back up, access and share their personal files. It’s not surprising that attackers try to capitalize on the platform’s popularity by targeting its users with phishing emails.
One example of this is an attack campaign that tried to con users into entering their login details on a fake Dropbox sign-in page that was hosted on Dropbox itself. To be safe against Dropbox phishing attacks, users should consider applying two-step verification on their accounts.
- Google Docs Phishing
Scammers can target Google Drive too if they set their mind on it, especially as Google Drive supports spreadsheets, presentations, documents, photos and even entire websites. Fraudsters could create phishing websites that mimic the Google account login screen and abuse the user’s account by stealing their login credentials.
In July 2015, a group of attackers did just that! Not only did Google host the fake login page unknowingly, but a Google SSL certificate protected the page too.
Users should implement two-step verification to safeguard themselves against these types of threats. You can enable the security feature via the Google Authenticator app or via SMS messaging.
Through these tips and information regarding various phishing scams, companies can effectively spot the most common types of phishing scams. But this doesn’t mean that you will be able to identify each and every phishing scam. This is due to the fact that phishing scams are constantly evolving to adopt new techniques and forms.
Keeping this in mind, it’s essential that your organization conduct security awareness training on a frequent basis so that the executives and employees are updated about the emerging phishing attacks. Always be aware of the latest phishing scams so that you can protect your company from any fraud.