Phishing is a type of cyberattack that is designed to steal sensitive data such as login credentials and credit card information. The term ‘phishing’ comes from the word ‘fishing’, because the attack uses ‘bait’ to lure victims.
Often, phishing scams will be distributed through fraudulent email addresses that direct users to fake websites. By posing as legitimate companies, cyberattackers trick victims into typing their credentials into fake websites that send the information directly to the attackers.
While most phishing scams are non-personal and widely distributed, ‘spearphishing’ is a strategy that targets specific companies or groups of high-level individuals within organizations. Because these emails are tailored specifically to their recipients, they are even more difficult to detect.
Recent phishing attacks are getting sneakier
A recent phishing attack posed as a Denver-based law firm and targeted the company’s clients. The fraudulent email asked victims to follow a link to download an “important PDF”. When clicked, this link redirected them to a fraudulent site where they would be prompted to enter their Office 365 login credentials. Once they entered the information, it would be sent to the cyberattacker. Finally, they would be redirected to the legitimate Microsoft site.
What makes this attack significant is that the fraudulent website was served with a legitimate SSL certificate and was hosted on a domain that was under Microsoft. As a result, it was even more difficult to detect than normal phishing attempts.
Protecting yourself against phishing
The most effective way of protecting your organization from phishing scams is to educate your staff on how to spot the signs of a fraudulent email. Some common tells include spelling or grammatical errors, inconsistent capitalization in the subject line, or suspicious sender email addresses. If employees are alert to these warning signs, the effectiveness of phishing scams in your organization will decrease significantly. In light of the most recent phishing scam using a legitimate SSL certificate on a fraudulent site, it is also important to educate your employees on how to identify object store URLs on Azure, AWS, and GCP.
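One way to recognize the object store URLs mentioned above, shown as an added example that is not part of the original article or any GigE Solutions tooling. The hostname patterns cover common public storage endpoints but the list is an assumption of this example and is not exhaustive, and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Hostname patterns for public object-storage endpoints. This list is an
# assumption of the example and is not exhaustive.
OBJECT_STORE_PATTERNS = [
    ("Azure Blob Storage",
     re.compile(r"^(?P<name>[a-z0-9]+)\.blob\.core\.windows\.net$")),
    ("Azure Storage static website",
     re.compile(r"^(?P<name>[a-z0-9]+)\.z\d+\.web\.core\.windows\.net$")),
    ("AWS S3",
     re.compile(r"^(?:(?P<name>.+)\.)?s3(?:[.-][a-z0-9-]+)*\.amazonaws\.com$")),
    ("Google Cloud Storage",
     re.compile(r"^(?:(?P<name>.+)\.)?storage\.googleapis\.com$")),
]


def classify_url(url):
    """Return (provider, tenant_name) when the URL points at an object store.

    tenant_name is the storage account or bucket, i.e. the part chosen by
    whoever uploaded the content, not by the cloud provider. Returns None
    for any other host, including URLs without a scheme.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    for provider, pattern in OBJECT_STORE_PATTERNS:
        match = pattern.match(host)
        if not match:
            continue
        name = match.group("name")
        if name is None:
            # Path-style URL: the bucket is the first path segment.
            segments = [s for s in parts.path.split("/") if s]
            name = segments[0] if segments else None
        return provider, name
    return None


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the incident described above.
    samples = [
        "https://exampleaccount.blob.core.windows.net/docs/important.html",
        "https://example-bucket.s3.us-east-1.amazonaws.com/index.html",
        "https://storage.googleapis.com/example-bucket/login.html",
        "https://login.microsoftonline.com/",
    ]
    for url in samples:
        print(url, "->", classify_url(url) or "not an object store host")
```

A match means the certificate and parent domain belong to the cloud provider while the content belongs to the named account or bucket, so a valid certificate on such a host says nothing about who published the page.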
In addition to being able to recognize common phishing strategies, it is also important to ensure that all company computers are running up-to-date antivirus software. It is also beneficial to actively keep track of cloud accounts in order to detect suspicious activity.
GigE Solutions can help you educate and protect yourself against phishing scams. Contact us today at +1 888 366 4443