Phishing has become a major concern for IT departments. The certified security professionals at Aavex Technology Corporation, state that businesses can stop 95-99% of phishing, spear phishing and whaling attempts by educating employees regarding inbound email, sandboxing, and inspecting web traffic. First, we will need to identify and differentiate the various types of attacks.
Phishing
The term phishing was coined around 1996 by hackers stealing American’s online accounts and passwords. These internet scammers use email lures like fishermen casting a huge net trying to see what they can catch. The attackers know that not everyone will respond, but they know that if they send out large numbers of emails, there will be enough people that will take the bait.
Phishing email will most likely direct the victim to visit a web link, where they are asked to update personal information, such as a password, credit card, bank account, online bank account, and/or social security number. The website will look and feel genuine, as it was created to gain your trust.
Additional types of phishing attacks load malware (Malicious Software) onto websites. The malicious code is downloaded and installed without the consent of the targeted victim, as soon as a user visits the web link.
Spear Phishing
Spear Phishing is an email that appears to be sent by an individual entity or business that you know. It is not. It’s from the hackers who want to lure you in, to gain sensitive credentials from you such as, social security numbers, credit cards and online banking account numbers.
This type of phishing attack focuses on a single user or department. It may look as though it came from your human resource or IT departments. The hacker may ask for usernames and passwords. Once they gather this sensitive data from you, they can gain entry to your secured drives that are specifically created just for your personal access.
Whaling
Whaling is another type of phishing attack, similar to Spear Phishing. They are big email scams which target influential people, CEO Executives, and Directors. This kind of attack is often hard to detect compared to the standard phishing attacks. Domain spoofing is the most popular strategy. A spoofed domain is one that makes the message appear to be coming from a genuine source. The fraud most often isn’t obvious from the email itself.
In the case of whaling, the masquerading web page/email will take a more serious executive-level form. Some content of whaling attack is often written as legal subpoenas, customer complaints, or other executive issues. Whaling email scams are designed to masquerade as a critical business email coming in from a legitimate source or business. The goal is to trick someone into revealing their sensitive personal or corporate data through social engineering, email spoofing, and DNS spoofing.
By using anti-malware and anti-phishing software, we can deter and prevent it. Informed employees that are well trained, can be made aware of such attacks. Should your company need a special discussion with certified IT Professionals and security experts, or if your company has experienced these attacks, call us now at 630 365-0025. Aavex Technology Corporation is here to help you.