DatCom Blog

Getting to Know About Phishing Attacks Can Keep Your Business Safe

Getting to Know About Phishing Attacks Can Keep Your Business Safe

There’s a big reason why phishing is a primary threat to businesses, and it’s because this method gives hackers a relatively risk-free way of gaining access to a network or other resources. Even being aware of the issue is often not enough to prevent it, as hackers are known to get quite aggressive and crafty with their phishing campaigns. If only a fraction of the 57 billion phishing emails that go out every year are taken seriously, hackers make quite a bit of profit off of users.

As a result of this increase in phishing attacks, endpoint security has grown much more focused, but the issue with phishing isn’t necessarily an issue with the strategies surrounding your technology--rather, it’s an issue relating to your organization’s users and their tendency for failure. Now, we know this sounds a little harsh, but it’s been proven time and again that employees need security training on how to handle credentials and other sensitive information. Let’s take a look at a couple different types of attacks you can be exposed to, and what you can do to keep your organization from becoming just another company that has suffered from a data breach.

Deceptive Phishing
Deceptive phishing is one of the most common types of phishing scams, and it aims to fool unsuspecting users into handing over sensitive information. This happens when the hacker sends a message to users that impersonates an actual person or company that the organization has some sort of relationship with. These hackers use deceptive phishing to convince users to hand over information like passwords, usernames, account numbers, etc. Since official credentials are being used to access these accounts, it doesn’t immediately become a security concern.

For the most part, these deceptive phishing messages are either ignored by the users, caught by filtering technology, or disregarded when they’re accessed. Unfortunately, the handful that actually do fool the end user are worth the hundreds-of-thousands that are sent to others. To keep your business from making this fatal mistake, you need to focus on increasing awareness of what makes phishing attacks so much different from your average legitimate email.

Some of the telltale signs of phishing messages include misspelled words, problems with sentence structure, and suspicious attachments or URLs. Always hover your mouse over a link before clicking on it to determine its location, and never download an attachment unless you know who’s sending it. Another thing to look out for is any financial institution or vendor demanding payment or access to your account--there are other, more official methods of outreach for methods such as these; and no bank or similar institution will ever, ever ask you for passwords.

Spear Phishing
Spear phishing attacks are targeted attempts against a specific user. For example, someone who sees a message from a coworker might let their guard down, but this doesn’t necessarily mean the message is safe. It just means that some hacker managed to find a way to mimic the sender in a way that is extremely convincing. Spear phishing attacks will often know the target’s name, title, company, work phone number, and much more--all to seem as authentic as possible so the user will click on a malicious attachment or URL.

Even social media isn’t safe from this trend. LinkedIn, for example, is one of the most common places where spear phishing is leveraged. It might be used for connecting with other business professionals, but it’s not hard for a hacker to imitate a business professional. We aren’t saying that you need to avoid social media like the plague, only that you should approach it with some sensible caution.

Pharming
That being said, more people are learning about these attacks by the day, meaning that some hackers have ceased these types of attacks for fear of their efforts being for naught. Instead, they turn to a practice called pharming, which is using an organization’s DNS server to change the IP address associated with the website name. This gives them a way to direct users to malicious websites to steal their legitimate credentials.

To prevent this from happening, it’s very important that you tell your staff to be sure they are entering their credentials into a secured site. The best way to make sure this happens is to look for the “https” in the hyperlink, as well as a padlock icon next to the address. It also never hurts to have an antivirus solution on each endpoint within your organization.

DatCom can help your business stay as secure as possible. To learn more, reach out to us at 903-842-2220.

Tip of the Week: Adjusting Microsoft Word to Match...
Biometric Authentication Becomes More Commonplace
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, April 25 2019

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Technology Best Practices Privacy Cloud Business Computing Network Security Microsoft User Tips Hosted Solutions Internet Google Productivity Software Hackers Tech Term Malware Email Innovation Workplace Tips Data Smartphones Communications Backup Mobile Devices Hardware Business Data Backup Small Business Efficiency VoIP Android Communication Smartphone IT Services Cloud Computing Business Continuity Data Recovery Ransomware Cybersecurity Business Management Network Router Computer Managed IT Services Windows 10 Disaster Recovery Browser Internet of Things Chrome Server IT Support Gadgets Mobile Device Alert Collaboration Law Enforcement Outsourced IT Windows 10 Artificial Intelligence Cybercrime Windows Miscellaneous Applications Office 365 Computers Money Social Media Password How To Managed IT Services Wi-Fi Phishing Facebook Passwords Word BDR Virtualization Operating System Holiday Spam Telephone Systems Information Saving Money Quick Tips Productivity Avoiding Downtime Health Voice over Internet Protocol Data Security Two-factor Authentication Work/Life Balance Private Cloud Office Data Protection Microsoft Office Save Money Vulnerability BYOD Social Engineering Flexibility Apps Government App Settings Paperless Office Mobile Device Management Mobility Connectivity Keyboard Encryption Managed Service Display Data Management Google Drive Legal Spam Blocking VPN Upgrade Business Intelligence Staff Telephone System IT Plan Fraud Access Control HaaS Bring Your Own Device End of Support Update Software as a Service Entertainment Botnet Sports Unsupported Software CES Public Cloud Telephony Office Tips Data Breach Windows 7 Augmented Reality Wireless Content Management Cryptocurrency Remote Computing Users Bandwidth Training Managed IT Google Docs Data Storage Servers Net Neutrality Meetings Comparison Blockchain OneNote Scam Networking Identity Theft Redundancy Employer-Employee Relationship Website IT Management Automation Remote Monitoring Infrastructure Machine Learning Human Resources Virtual Assistant Education Enterprise Content Management IBM Advertising Computer Fan Credit Cards Sync Devices Inventory Unified Threat Management Experience Charger Criminal Document Management Internet Exlporer Title II Tip of the week MSP Business Technology HIPAA How to Knowledge Data loss Password Manager YouTube Help Desk Apple OLED Netflix Google Search Audiobook Downtime Wireless Charging Wire Mouse Computing Infrastructure Password Management Security Cameras Supercomputer Video Games The Internet of Things Thought Leadership Mobile Computing Cleaning webinar Best Practice Save Time Windows 10s Online Windows Server 2008 Accountants File Sharing Budget Recovery Network Congestion Screen Mirroring Business Mangement Company Culture iPhone Techology Millennials HBO Proactive IT Hiring/Firing Instant Messaging Marketing Root Cause Analysis Cortana Administrator History Conferencing Multi-Factor Security NIST Hacker FENG Amazon Authentication Camera Music Computer Care IT Support Internet exploMicrosoft Telecommuting IT Consultant WiFi Cast Gmail Managing Stress Shortcuts Virtual Reality Workforce Outlook Digital Signature ISP Risk Management Travel Google Apps Smart Office Microchip Firewall Emails Trending Software Tips Smartwatch Hybrid Cloud Amazon Web Services Skype Addiction Nanotechnology Wearable Technology Patch Management Hacking Solid State Drive Remote Work Flash Practices Remote Worker Leadership Recycling Social Worker Commute Frequently Asked Questions PDF Cryptomining Politics Workers Search Engine Biometric Security Safe Mode Employee Current Events Scalability Information Technology Online Shopping Start Menu Cache Smart Tech Warranty USB Samsung Battery Vendor Automobile Audit Hosted Computing Wiring Black Market eWaste HVAC FCC Excel Database Search Bing Big Data 5G Specifications Physical Security Digital Signage Electronic Medical Records Content Evernote Tools Wireless Internet Printer Value Transportation Public Computer Books Loyalty Benefits Worker Manufacturing Compliance Hosted Solution SaaS Smart Technology Twitter Safety Emergency Rootkit Shadow IT Managed Service Provider Regulation Employer Employee Relationship Two Factor Authentication Printers Wireless Technology Computer Accessories Content Filtering Assessment Webinar Vendor Management Business Owner Bluetooth Television IT solutions CrashOverride Troubleshooting