2. Phishing
Phishing is similar to an online con game where attackers send fraudulent email messages appearing to come from trustworthy sources to gain personal information. These types of scams vary in their complexity and in the attacker's objectives, with spear phishing and whaling attacks being the more sophisticated forms of phishing.
3. Phishing
Gone are the days when spear fishing meant "what you do while vacationing in the warm waters of the Caribbean." On that same note, "whaling" has nothing to do with the mammals nor one's ability to have a "whaling good time." Now the terms are synonymous with being aware of what comes through your inbox.
4. Rise in Phishing Attacks
Phishing attacks have been steadily rising and are increasingly targeting businesses. According to Verizon's Data Breach Investigations Report released last year, 23% of recipients open phishing messages and 11% of those people open the links within these emails. Furthermore, 50% of these recipients open and click within the first hour. Email filtering can catch some phishing attempts, but not all, due to the rate at which these emails are opened.
5. Spear Phishing
Spear phishing is directed at individuals, and whaling attacks are directed at senior level executives, also known as the "big phish," who have access to valuable information within a business or organization. These attacks may occur utilizing a malicious email that appears to come from a company executive.
6. What is Spear Phishing?
Spear phishing is a scam and you are the target. It is an email that appears to come from a business or someone that you know, but in reality it is malicious in form and seeks to obtain sensitive information (bank account numbers, passwords, financial information, etc.).
7. What is Spear Phishing?
The spear "phisher" thrives on all there is to know about you. They research job titles, partner information, company background, LinkedIn accounts and personal social media outlets to entice you into opening their emails. Just take a moment to think about how much information is available about you on the Internet.
Did you take pictures from a recent trip to Paris and share them on Instagram; run a half-marathon where your name and completion time are easily accessible; or simply post the college that you graduated from?
8. What is Spear Phishing?
Once the spear phisher has this information – game on! The next email to you will probably use your first name, reference a "mutual friend," how great you looked in Paris, and congratulate you on finishing first in your age group.
9. What are Whaling Attacks?
Whaling attacks are the "it" hack of 2016. Whaling uses e-mail sent from spoofed or similar-sounding domain names to make it appear as though these emails were sent from senior executives of a victim's company.
This requires targeted research focused on the identity of an employee and the organizational hierarchy within a company. This outreach is less personal in nature.
Whaling emails may be more difficult to detect because they don't contain hyperlinks or a malicious attachment; they rely solely on tactics that depend on human interaction to manipulate their targets.
10. What are Whaling Attacks?
According to the security firm Mimecast, around 55% of organizations have seen an increase in whaling attacks over the last three months. Their research further suggests that in 72% of the cases whaling emails appeared to be sent by the CEO of the company, while 36% seemed to come from the CFO.
11. What are Whaling Attacks?
Whaling attacks have been identified by hackers as the "golden goose." If you receive a branded "company" email that promises reduced costs for pet insurance, be careful about opening any links or any attached forms, especially if you just welcomed a brand new Labrador Retriever puppy into your life.
These links may contain malware that opens up the gates of your corporate network.
12. What are Whaling Attacks?
To avoid these damaging attacks, below are three helpful guidelines to help you stay protected. You may also contact your IT Security Provider for more information.
14. The Sender
Always pay attention to who the email comes from.
If you are not familiar with the business or person it is from, you might not want to open it.
If you do open it, avoid clicking on any links until you can verify the identity of the sender.
If it comes from your CEO, you are still not in the clear. Check the URLs to make sure everything is legitimate.
If you are the only one being offered pet insurance in the company, you know there is a problem.
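The sender checks above, together with the spoofed or similar-sounding domains described under whaling attacks, can be turned into a small triage script. This is an added example, not part of the original slides: the company domain, the executive directory entry and the sample message are all constructed for the demo.

```python
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

COMPANY_DOMAIN = "example-corp.com"                       # assumed: the organisation's real domain
EXECUTIVES = {"Jane Doe": "jane.doe@example-corp.com"}    # assumed: directory entry for the CEO

# Constructed sample: CEO's display name, lookalike sender domain, link text that hides the real host.
SAMPLE_EMAIL = """From: Jane Doe <jane.doe@examp1e-corp.com>
To: staff@example-corp.com

<p>Enroll at <a href="http://example-corp.com.benefits-login.net/enroll">example-corp.com/benefits</a></p>
"""

def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(domain, trusted):
    """True if domain is not the trusted one but is a homoglyph or one-edit variant of it."""
    if domain == trusted:
        return False
    swapped = domain.replace("1", "l").replace("0", "o").replace("rn", "m")
    return swapped == trusted or edit_distance(domain, trusted) <= 1

def triage(raw):
    """Return the warnings the slide's sender checks raise for one raw message."""
    msg = email.message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    domain = addr.rsplit("@", 1)[-1].lower()
    warnings = []
    if lookalike(domain, COMPANY_DOMAIN):
        warnings.append(f"lookalike sender domain: {domain}")
    if name in EXECUTIVES and EXECUTIVES[name].lower() != addr.lower():
        warnings.append(f"display name '{name}' does not match directory address")
    body = msg.get_payload()
    # Compare where each link really goes with the text the reader sees.
    for href, text in re.findall(r'href="([^"]+)"[^>]*>([^<]+)<', body):
        host = urlparse(href).hostname or ""
        if host != COMPANY_DOMAIN and not host.endswith("." + COMPANY_DOMAIN):
            warnings.append(f"link text '{text}' points to {host}")
    return warnings
```

A one-edit threshold is loose for very short domains, so treat the lookalike check as a prompt for the human verification the slide recommends, not as a verdict.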
15. The Sender
The subject line might help in determining whether or not the email is malicious. However, we advise caution, especially if the subject references a purchase, for example "Thank you for your recent iTunes purchase."
16. The Content
As phishing gets more sophisticated, this may come less into play.
However, read through the email to ensure that everything is spelled correctly, written in a clear manner, etc. Errors here are telltale signs that the email may not have come from a trusted source.
Very rarely will you receive emails from a C-level executive within your firm that are not grammatically correct.
17. The Call to Action
If you ever receive an email asking that you send personal information, login credentials or open an attachment – don't do it. Is there a moment where you would actually contemplate giving out your social security number via email these days?
19. Social Media
Button up personal information that is living on the Internet. If you don't, spear phishers have access to your friends list, email address, posts showcasing your Apple Watch, etc.
Keep as much information as possible restricted by customizing your security settings.
The less information out there about you, the less a spear phisher has to go by.
20. Social Media
In addition, don't sign up for apps through social media unless the app is reputable. Every time you enter your information is another opportunity to be hacked.
21. Passwords
Think about your passwords. Is it your birthday that is listed on your social media site? Or another date of significance? Do you use one password, or variations of that one?
What about "123456" or "password", the two most commonly used and easily hackable passwords out there? Click here for more information on what makes a good password.
22. Passwords
Every password for every site should be different, really different, and should include multiple character types.
If you follow these rules, please do not keep a standing list in the notes section of your iPhone. If your iPhone gets stolen, not only did they get a new device but, more importantly, that device has just become their "golden ticket" at your expense.
23. Passwords
There are a number of password management applications out there that will generate strong passwords for you. Your only requirement is to remember the password that gets you access into that application.
Through Managed IT Services, password updates and changes will be proactively managed by your provider for security purposes.
24. Security Updates
Since most operating system and browser updates include security fixes, always update your software. Keeping your applications up to date makes it that much harder for an intruder to break through.
25. Keep Your Wits About You
Use common sense when responding to emails.
How many times has a personal friend emailed you to obtain your personal passwords and login credentials? Probably never.
If there is something suspicious about an email you received, reach out to the friend, company, or senior executive that sent it to you.
Do not feel pressured to provide personal information even if they are playing on your emotions.
Always be suspicious of unsolicited email even if it comes from your CEO.
26. Google Yourself
See firsthand how much information is out there on the Internet about you. Don't forget any posts that you may have made on other people's pages or company updates on LinkedIn. Is there enough information out there that a phisher or whaler can scam you?
27. Manage your inbox with caution. Hacking techniques will continue to get more sophisticated in nature, which is putting all businesses at risk. If you are not satisfied that your organization is secure or would be able to respond to an attack, contact us. We have helped businesses like yours respond in times of crisis and put processes in place to guard against such attacks.