A significant number of organizational data breaches stem from phishing attacks. At a glance, these attacks result from a cyber criminal utilizing a fraudulent email or other form of communication to trick the victim into providing sensitive information or downloading malicious software on their device. Phishing attacks have become increasingly sophisticated in recent years and can take place in a variety of different formats.
What’s more, the consequences of such an attack on organizations like yours can be severe—including lost or stolen data, prolonged business interruptions, financial devastation and reputational ruin. With this in mind, it’s crucial for your organization to understand the most common types of phishing attacks and implement strategies to reduce your risks.
Review the following for an overview of three top forms of phishing attacks and steps that your organization can take to protect against them:
- Deceptive phishing—Known as the most common type of phishing attack, deceptive phishing occurs when a cyber criminal impersonates a trusted organization (e.g., a bank) via email to fool the victim into providing sensitive data or login credentials. To prevent deceptive phishing attacks, instruct staff to avoid responding to emails from seemingly legitimate organizations if the message appears overly urgent or aggressive, contains a generic greeting or has spelling errors.
- Spear-phishing—This type of phishing attack entails a cyber criminal sending a more customized email (e.g., using the victim’s name or job title in the greeting) to convince the victim to click on a malicious link or attachment. To avoid spear-phishing attacks, discourage staff from sharing personal or company information online, and consider investing in security software that analyzes incoming emails for harmful links or attachments.
- Whaling—This form of phishing attack takes place when a cyber criminal specifically targets a company executive with a spear-phishing email, gaining access to the executive’s account or device and authorizing fraudulent financial transfers or the distribution of employees’ personal information. Reduce the risk of whaling attacks within your organization by requiring executives to complete the same cyber security training as the rest of your staff and implementing multifactor authentication for all financial transactions and data transfers.
For additional guidance on how to mitigate your organization’s cyber exposures, contact us today.
© 2020 Zywave, Inc.