Protect your business from phishing attacks

26% of employees have clicked on a phishing email at work in the past year, according to recent research by Tessian. It takes only one mistake for an employee to click on a link in a phishing email.

In this blog we will look at the different types of phishing attacks and how you can protect your business from these attacks.

Types of Phishing Attacks

Methods of Phishing

Bulk Phishing

This is the most common form of phishing attack. The cybercriminal will send a phishing email to a large pool of employees, hoping that one of them clicks the harmful link. The message will look legitimate as the phisher will impersonate a legitimate employee. Some of the common companies that are impersonated are Apple, Amazon, Microsoft and LinkedIn. These phishing emails will create a sense of importance and urgency to stop the victim from checking if the email is legitimate.

What to look for in a Phishing email:

  • Random requests – gift cards or transferring funds
  • Urgent requests
  • Grammar and spelling mistakes
  • Incorrect email addresses and domain names

Spear Phishing

Spear phishing attacks are low volume and high effort. The cyber attackers use open-source intelligence to gather data on their targets. This could be their name, phone number, date of birth etc. The cybercriminal will use this personal information to create customised phishing emails to deceive the victim into believing the email has come from a trusted source.

Spear phishing attacks can be difficult to detect. Here is what to look for:

  • Strange or different formatting
  • Urgent requests
  • Emails with unsolicited attachments or links
  • Sender names and email addresses that don’t match

Whaling

Whaling is like spear phishing but only targets high-profile employees such as directors and managers. The aim of a whaling attack is to access a high-profile employee's account and then gain access to business bank accounts and sensitive data.

Smishing and Vishing

Smishing is an attack via SMS. Vishing is an attack via voice calls. These forms of phishing attacks are used to trick the victim into giving out sensitive information to the cybercriminal. Individuals should never share an individual's information in response to an inbound voice call or SMS.

How To Keep your Business Protected

Email Security Solutions

There are a number of email security solutions available that will help to protect your business and employees. Here are some of the key features of a good email security solution:

  • DLP operation
  • Anti-spoofing policies and DMARC
  • AI phishing detection
  • Behavioural intelligence modelling

Email platforms such as Microsoft Outlook will have some of these features included as standard, but it's always a good idea to protect your business as much as you can.
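The warning signs listed earlier (sender names and email addresses that don't match, incorrect domain names) and the DMARC result mentioned above can all be read from a message's headers. The following is an added example, not code from this blog or from any email product: the brand-to-domain mapping, the `trusted_authserv` name and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brands the article lists as commonly impersonated, mapped to a sending
# domain (constructed mapping for illustration, not exhaustive).
BRAND_DOMAINS = {"apple": "apple.com", "amazon": "amazon.com",
                 "microsoft": "microsoft.com", "linkedin": "linkedin.com"}

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def is_under(domain, parent):
    return domain == parent or domain.endswith("." + parent)

def check_headers(raw, trusted_authserv="mx.example.org"):
    """Return warnings for one raw message. trusted_authserv is the
    (assumed) authserv-id of your own receiving mail server."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom, findings = domain_of(addr), []
    # 1. Sender name claims a brand, address is on an unrelated domain.
    for brand, dom in BRAND_DOMAINS.items():
        if brand in name.lower() and not is_under(from_dom, dom):
            findings.append(f"name says {brand}, address is @{from_dom}")
    # 2. Replies are routed to a different domain than the sender's.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        findings.append(f"reply-to domain {domain_of(reply)} differs")
    # 3. DMARC verdict, read only from the header our own server added;
    #    the same header from any other authserv-id can be forged.
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, results = ar.partition(";")
        verdict = re.search(r"\bdmarc=(\w+)", results, re.I)
        if authserv.strip().lower() == trusted_authserv and verdict:
            if verdict.group(1).lower() != "pass":
                findings.append(f"dmarc={verdict.group(1).lower()}")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = "\n".join([
    'From: "Microsoft Support" <security@account-alerts.example>',
    "Reply-To: helpdesk@mail-collect.example",
    "Authentication-Results: mx.example.org; dmarc=fail header.from=account-alerts.example",
    "Subject: Urgent: verify your account", "", "body"])
CLEAN = "\n".join([
    'From: "LinkedIn" <updates@mail.linkedin.com>',
    "Authentication-Results: mx.example.org; dmarc=pass header.from=linkedin.com",
    "Subject: Weekly digest", "", "body"])

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(label, check_headers(raw))
```

A message with no findings is not proven safe; a spear phishing email sent from a compromised legitimate account will pass all three checks.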

The Human Firewall

A human firewall is where employees are given tools and training to help them understand how to minimise cyber risks. Employees should be given time and educational material so that they can learn for themselves how to mitigate the risk of a cyberattack. Phishing awareness training should include common phishing methods and examples of phishing emails. The human firewall is so important because it is the last line of defence.

Multifactor Authentication

If your email security solution does not stop a phishing attack, and an employee clicks a harmful link and the hacker gains access to sensitive data, you need a way of preventing access to their account. MFA stops 99.9% of account breaches. If a cybercriminal has a user's credentials, they will also need access to their phone or biometrics to get into their account – which is highly unlikely.