Discover the new Phishing tactics and how to protect yourself
Author: Dani Alonso, DSR Modern Work & Security at Microsoft

Phishing (pronounced "fishing") is built on the classic and effective technique of social engineering, which exploits the most vulnerable point: humans. Social engineering attacks combined with computer science form phishing, which we can also call electronic social engineering.

Phishing uses email, phone calls, texts, and fraudulent websites designed to steal your data, such as credit card numbers and account credentials, or to gain access to your device or the corporate network.

Following the logic of evolution, phishing has also evolved enormously, which is why we can currently find 4 types of very common phishing tactics.

Phishing tactics

There are multiple sophisticated tactics used by cybercriminals that could make you vulnerable to phishing.

Malicious email attachments

During phishing campaigns, cybercriminals attempt to trick users into selecting an email attachment, which then:

  • Downloads a malicious executable, infecting the user’s computer or mobile device.
  • Or redirects you to a fraudulent login site when the attachment is opened.

Attachments can come in various forms, such as a Microsoft Office document, a PDF file, .zip files, etc.

Website spoofing

Website spoofing involves creating a duplicate version of a website that appears to be the original. Hackers use legitimate logos, fonts, colors, and functionality to make the spoofed site look realistic. Even the URL can appear genuine.

Once you have been fooled into thinking that you are on the real webpage, hackers have won your trust and can gain access to any private information you submit to the fake page, such as banking credentials or sign in information.

You may be directed to a fake website through a link in a phishing email or through simple web searches.

Vishing

Vishing, or voice phishing, is the telephone equivalent of phishing. It is the act of using the telephone to scam the user into surrendering private information that will be used for identity theft. It can take the shape of a phone call or voice message, either from a live caller or automated.

SMiShing

SMiShing, or SMS Phishing, is an attack method via a text or SMS message received on a mobile device. An attacker uses SMiShing to trick a user into downloading malware or revealing private information through a fraudulent link.

SMiSh

This SMS text is a SMiSh.

It is an example of an actual SMiShing attempt. Always be suspicious of texts or SMS messages threatening account closures, terminating services, or unexpected and out of place offers.

Tips to protect yourself

Slow down. Take the time to inspect an email before selecting a link or opening an attachment. Were you expecting to receive the message from someone you know, or is it from an unknown sender?

Be skeptical. If you receive an unexpected email, call, or text requesting personal information, do not respond to the message or engage with the sender. You may reach out to the represented company directly, if appropriate.

Verify then proceed. As our company’s human defense, an early warning from you could make the difference between a near miss and a major incident. Always report suspicious activity.

If you see something, say something

Anytime you think you have received a phish, immediately report it, even if you didn’t interact with the mail or respond. You can use the Report Message button on the Home tab to report phishing emails quickly.

Technology in general, and artificial intelligence in particular, can do a lot to reduce our vulnerability to phishing, but without a doubt the best defense is to keep our company's employees well trained and prepared to identify and react to these threats.

Thanks for sharing this. Very informative. Thanks to David Nudelman for liking this and bringing it to my attention. We are all falling victim to these phishing scams on a daily basis. Keep up the good work.

Jenny Lynam

Modern Work Specialist, Healthcare, Enterprise UK.

3 years

Great read Daniel Alonso!
