Email scams are an increasingly common way to attack your business, and phishing emails are among the trickiest and most deceptive.
In general, cyber attackers send you an email, pretending to be someone you trust. This email can contain malicious links and attachments, or ask for confidential information. With just one wrong click, malware can be released throughout your network infrastructure, all from one phishing email.
Attacks like these mean you and your employees have to remain on high alert.
Phishing attacks come in three different varieties: deceptive, spear phishing and whaling.
Most people are used to seeing deceptive phishing emails. They are common and sent to many different people at once. For example, the Internal Revenue Service (IRS) is currently warning people against falling for a new deceptive phishing attack during this tax season. These emails try to gain identification information, such as social security numbers.
While most people know about deceptive phishing attacks, they are unaware of spear phishing and whaling email scams.
The standard phishing emails are vague and sent to a large swath of people. Spear phishing is the exact opposite.
Instead of catching many fish with a large net, spear phishing targets one small group or individual. These emails are so specific and successful that over 90 percent of phishing attacks were spear phishing, according to Trend Micro research.
These phishing emails work because attackers use social engineering methods to research their victims. Some social engineering tactics are as basic as searching for you on social media or as inconspicuous as talking to a stranger at the gas station.
When doing their research, cyber attackers are looking for specific information about you, such as the company you work for and your position. This allows them to personalize the email to appear trustworthy.
Because these emails are so highly targeted, they often slip through email filters and antivirus software, which makes them quite disastrous.
Spear phishing emails have three common elements:
Whales are big fish and, just as in whaling, cyber attackers are going after the big fish of your company: the executives.
Whaling phishing emails target high-level decision makers, such as CEOs and CFOs. Like spear phishing, whaling is targeted specifically at those individuals and that company. These tactics make it easier to trick victims and antivirus software.
Unlike deceptive phishing or spear phishing, whaling’s goal is not to gain access to information or software. Rather, the objective is to achieve a transfer of money. In fact, according to the FBI, CEO email scams are a 12 billion dollar business.
Decision makers constantly get their inboxes flooded with unsolicited emails, which is why whaling has to be a highly personalized attack. The email needs to be opened to have any impact. Cyber attackers will use social media, business records, anything to get their email through filters and opened.
Whaling emails rely on impersonating someone an executive will listen to. This can include a:
All of these individuals are important to your business, so it is no wonder decision makers have been opening whaling emails.
Unlike other phishing attacks, cyber attackers will go to great lengths to see success from their whaling emails. They don’t just use emails. Some whaling campaigns include website spoofs, in which attackers create a copycat website (say, of a bank) and store the login information entered there for future malicious use.
It is possible to protect yourself and your business from phishing attacks. Here are three phishing prevention best practices:
These best practices can save you and your company from future phishing attacks.