Phishing scams originated in the 1990s with hackers using America Online. Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by posing as a trustworthy entity in an electronic communication. Since the first unscrupulous phishing attempts were pioneered in the '90s, the scam has evolved into much more complex attacks. According to the 2013 Microsoft Computing Safety Index, released in February 2014, the annual worldwide impact of phishing could be as high as $5 billion. This article defines and describes the different types of phishing attacks users will want to avoid.
The most common type of phishing scam, deceptive phishing refers to any attack in which fraudsters impersonate a legitimate company and attempt to steal personal information or login credentials. These emails frequently use threats and a sense of urgency to scare users.
For example, PayPal scammers might send out an attack email that instructs users to click on a link to rectify a discrepancy with their account. The link leads to a fake PayPal login page that collects a user’s login credentials and delivers them to the attackers.
The success of a deceptive phishing attack hinges on how closely the attack email resembles a legitimate company’s official correspondence. As a result, users should inspect all URLs carefully to see if they redirect to an unknown website. They should also look out for generic salutations, grammar mistakes, and spelling errors scattered throughout an official-looking email.
In spear phishing scams, fraudsters customize their attack emails with the target’s name, position, company, work phone number, and other information to trick the recipient into believing that they have a connection with the sender. The goal is the same as deceptive phishing – to lure the victim into clicking on a malicious URL or email attachment, so that they will hand over their personal data.
Spear phishing is especially commonplace on social media sites like LinkedIn, where attackers can use multiple sources of information to craft a targeted attack email.
To protect against this type of scam, organizations should conduct ongoing employee security awareness training that discourages users from publishing sensitive personal or corporate information on social media. Companies should also invest in solutions that can analyze inbound emails for known malicious links/email attachments.
Millions of users access Dropbox every day to back up, access, and share their files. Cyber attackers capitalize on the platform’s popularity by targeting users with phishing emails. One attack campaign, for example, tries to lure users into entering their login credentials on a fake Dropbox sign-in page hosted on Dropbox itself. To protect against Dropbox phishing attacks, users should consider implementing two-step verification on their accounts.
Vigilance and constant education are the only way to keep your business assets from getting hooked by unscrupulous phishers. If you have more questions about how to protect your investments, reach out to The Computer Guys. Centrally located in Farmington Hills, Michigan, The Computer Guys are proud to offer a full MSP solution for all your business IT needs. For over 20 years, we’ve helped many industries in the Detroit Metro area leverage their IT. Contact us to see how we can help you today.