Home 3 most frequent phishing attacks and how to protect against them
News

3 most frequent phishing attacks and how to protect against them

AFP
business video
(© metamorworks – stock.adobe.com)

Phishing is one of the most common ways for scammers to steal information. Through deception or social engineering, fraudsters attempt to trick people into handing over confidential or personal information to then use it for malicious purposes. And that’s very easy. With some basic information like your full name and address, scammers could make you susceptible to identity theft and with answers to privacy questions and a username, they might even be able to get into your online banking accounts.

In 2020 phishing attacks continue to play a dominant role in the digital threat landscape. According to the Data Breach Investigations Report, phishing is the second topmost risk action variety in security incidents and the topmost threat action variety in data breaches.

On the other hand, digital fraudsters show no sign of slowing down their activity in 2020 – possessing a considerable threat to all organizations. It’s therefore vital that all organizations know how to recognize some of the most popular phishing scams if they are to protect their valuable corporate data.

1. Deceptive phishing

Deceptive phishing is by far the most common type of phishing scam – typically, fraudsters impersonate a legitimate organisation in an attempt to steal people’s login credential or personal data. They use emails with a sense of urgency to scare users into doing what the fraudsters want.

Techniques used in deceptive phishing

  • Legitimate links: Most attackers will attempt to evade detection from email filters by integrating legitimate links into their deceptive phishing emails.
  • Blend malicious and benign code: Those accountable for creating phishing landing pages usually blend malicious and benign code together to fool EOP (online exchange protection).
  • Modify brand logos: There are some email filters that can spot when malicious actors steal organizations‘ logos and implement them into their phishing landing pages or attack emails.

2. Spear phishing

Contrary to many inexperienced beliefs, not all phishing scams embrace the “spray and pray” technique. Most fraudsters rely more on a personal touch. And they do so because they wouldn’t be successful otherwise.

In this ploy, cybercriminals customise their attacks emails with the target’s name, company, position, work phone number and other info in an attempt to trick the recipient into believing that they have a connection with the sender. The type of browser you’re using is also playing a role in your security – for instance, UC Browser has a rough patch in the industry, especially when it comes to data breaches. There are multiple reports of information leaks and other such security concerns.

As a user, this certainly must have shaken your confidence in the browser. But you will be glad to find out that there is a means to use your favourite browser without running into the dangers of data breaches. This is through using a VPN for UC browser. With a great amount of information needed to build a valid attack attempt, it’s no surprise that spear-phishing is commonplace on browsers like UC and social media platforms like LinkedIn where hackers can use a wide range of data sources to generate a targeted attack email.

To protect against the type of scam, companies should perform ongoing employee security awareness training that amongst other things, discourage them from publishing corporate or sensitive personal information on social media. Organizations should also invest in solutions that analyse inbound emails for known malicious email/links attachments.

3. CEO fraud or “whaling” attacks

While spear phishers will target anyone in an organization, including the CEOs – in these scams, fraudsters try to catch an exec and steal their login information.

If their attacks prove successful, cybercriminals can choose to conduct CEO fraud. This happens when attackers abuse the compromised account of a CEO or other high-ranked executives to allow fraudulent wire transfers to a financial institution of their choice. What’s more, attackers can leverage the same email to conduct W-2 phishing which requests W-2 data for all employees so that they can post that data on the dark web or file fake tax returns on their behalf.

Techniques used in whaling

These attacks make use of the exact same methods as spear-phishing campaigns. Here are the most common tactics that malicious attackers could use:

  • Infiltrate the network: A compromised CEO’s account is more efficient than a spoofed email account. Typically, digital attackers could, therefore, rely on rootkits and malware to infiltrate their target’s network.
  • Follow up with a phone call: Most frequent instances were those followed by a whaling email with a phone call confirming the email request. This tactic helped to relieve the target’s concerns about something suspicious.
  • Why do the whaling attacks work? Oftentimes whaling attacks succeed because CEOs don’t participate in security protocols and training with their employees. To avoid the threats of W-2 phishing and CEO fraud, companies should mandate that all employees plus higher-ranked ones – take part in security awareness training on an ongoing basis.

Story by William Busby

Support AFP




AFP

AFP

Have a guest column, letter to the editor, story idea or a news tip? Email editor Chris Graham at [email protected]. Subscribe to AFP podcasts on Apple PodcastsSpotifyPandora and YouTube.

Latest News

how lenders evaluate mortgage applicants
Local

Albemarle County government launches Affordable Housing Investment Fund

rappahannock tribe fones cliff
Virginia

Northern Neck: Rappahannock Tribe rematriates 704-acre parcel at Fones Cliffs

The Rappahannock Tribe rematriated 704 acres of historic land at Fones Cliffs, a four-mile stretch of white-colored diatomaceous cliffs rising more than 100 feet above the Rappahannock River in the Northern Neck.

mark warner
U.S. & World

Mark Warner calls out sham of FBI investigation into ‘rigged’ 2020 election

Mark Warner wants answers from the Trump regime on its efforts to put FBI resources into reinvestigating the lie that the 2020 presidential election was stolen.

healthcare
Virginia

Virginia Employment Commission hosting Paid Family and Medical Leave info sessions

Massanutten Resort Mountain Mayhem
Local

Rockingham County: Massanutten Resort debuts Virginia’s first alpine coaster

college football
Football

Updated: College Football Playoff confirms dates, sites for 2026-2031 postseasons

world cup soccer FIFA golden boot
Etc.

World Cup 2026 delivers an epic Golden Boot battle