Common phishing tactics and how to avoid them

Phishing attacks continue to pose a significant threat to organizations in virtually all industries. According to a Kaspersky report, there were 482 million phishing attempts in 2018, and experts expect this number to increase exponentially by the end of 2019.

Businesses are lucrative targets for cybercriminals because of the vast amounts of sensitive information they process and store. Every year, hackers get more creative in using email, social media, or phone calls to access passwords, credit card credentials, and other sensitive information from unsuspecting users.

To protect you and your employees, it’s important to be aware of the most commonly used phishing tactics.

#1 Deceptive phishing

Hackers impersonate legitimate companies like Google and PayPal to attempt to steal an individual’s login credentials or credit card information. Often, they’ll send an email saying you need to “verify” your account, urging you to click a dangerous link. Usually, these malicious links lead to a fake page designed to collect your login credentials and financial information.

Because of how closely the email resembles a legitimate company’s correspondence, it’s easy to fall into this trap. To protect your data, be on the lookout for grammar mistakes, spelling errors, and suspicious links and email attachments. You can check a link by hovering your pointer over it to see the URL destination.

#2 Spear phishing

Unlike deceptive phishing, where scams are sent out en masse to target several people, spear phishing is customized to a specific target. Attackers research their victim's position, company, social media, and contact details, and use this information to trick the recipient into believing that they have a connection with the sender.

LinkedIn is a common avenue for this type of attack because hackers can easily search for information and connect with people on the website.

This is why companies need to conduct cybersecurity awareness training and educate their employees against publishing sensitive personal or corporate information on social media. It’s also a good idea to verify the sender either by checking their social media profile or contacting them through another channel. For example, if a bank contacts you through email about a frozen account, call them directly on the number on their official website instead of clicking on the link in the email.

#3 SMiShing

SMS phishing, or SMiShing, is a phishing attack carried out through SMS. According to a 2015 report by Adobe Blog, 90% of SMS messages are read within 3 seconds. This is why text messaging has become one of the most effective avenues for scammers to target businesses.

As in any other phishing campaign, cybercriminals send a bulk text to several phone numbers and claim that your social media account or credit card has been deactivated due to suspicious activity. They’ll send you a link to “verify your details.” This type of attack usually works because it’s much easier to check an SMS than an email. It’s also difficult to check the link without clicking it because you cannot hover a pointer over a link on your phone.

Again, beware of messages that urge you to click a link or ask for important information. If there are suspicious activities on your credit card, reputable banks will usually call you instead of sending a text message.

The best solution would be to partner with a managed IT services provider (MSP) like Refresh Technologies. They’ll make sure to monitor your data 24/7/365. They can also track unwanted traffic in your network to keep cybercriminals at bay.

Don’t compromise your business data. Contact Refresh Technologies for more information about phishing attacks. Here at Refresh Technologies, we can fend off both internal and external threats to your business. Call us today!