
Washington Works Blog

Fishing for Answers to Keep Phishing Attacks from Sinking Your Business


Phishing attacks have been in the social consciousness for a while now, and for good reason: phishing is the predominant way that hackers gain access to secured networks and data. Unfortunately, awareness of an issue doesn’t always result in positive outcomes. In this case, hackers have become more aggressive, blanketing everyone under a seemingly limitless phishing net: 57 billion phishing emails go out every year. If even a fraction of those emails accomplish their intended goal, the hackers on the other end of them really make out.

As a result, endpoint security has become a major consideration for nearly every organization. There are strategies and solutions that businesses can implement that will not only give IT administrators the resources they need to protect the company’s data and computing infrastructure, but also train staff to recognize the underhanded ways these hackers try to infiltrate the business’ network using legitimate credentials. Let’s take a look at some different forms of phishing and what you should be teaching your staff to keep them from slipping up and making your business just another negative statistic.

Deceptive Phishing

As the most common type of phishing scam, deceptive phishing is pretty much what its name suggests. The name of the game for this attack is to pull the wool over the eyes of an unsuspecting end user. In essence, a deceptive phishing strategy is one where an email or message is created impersonating a legitimate company or person in order to flat out steal personal access information. With this access, the illegitimate party has some time to pick and choose what he/she wants to take or gain access to. Because the credentials are legitimate, the illegitimate party doesn’t immediately trigger any red flags.

Most deceptive phishing messages are ignored, caught by filtering technology, or disregarded when accessed, but the one that works to fool the end user is worth the hundreds or thousands of emails the attackers have sent using the same method. To ensure that your organization doesn’t have to deal with a data breach, or malware associated with that phishing attack, it’s extremely important to lay out the ways that these deceptive emails differ from legitimate emails.

Phishing emails traditionally have misspelled words and a hastily thrown-together construction. Typically, users will be asked to download some attachment. So if there is an attachment that an email prompts you to click on, be sure to check the URLs by mousing over the links to determine if the email is from a legitimate source. One thing every user should be cognizant of is that if the email is from a financial institution demanding payment, it is likely a phishing email. Email, while a popular form of communication, is rarely used for such purposes.

Spear Phishing

These types of phishing attacks are personalized to a specific user. This can cause a lot of people to forget what they know about phishing and let their defenses down. The goal, as fraudulent as it is, is the same as that of a traditional phishing attack, except it will be harder to recognize that it is, in fact, an attempt to trick the user into providing network access. The spear phishing email will often feature the target’s name, their title, their company, even information like their work phone number, all with the same aim: to get them to click on the malicious extension or URL sent with the email.

Users of the social media site LinkedIn will likely come across spear phishing if they use the service regularly. Since you provide certain information for networking with other like-minded industry professionals, you unwittingly provide hackers with the information they need to build these messages. Of course, we’re not suggesting that you stop using LinkedIn, or any other social media, because of the risk of hackers, but be careful what information you share within these profiles and ensure that any personalized email is, in fact, legitimate before you click on anything.

Pharming

With more and more people becoming savvy to these types of phishing attacks, some hackers have stopped the practice altogether. They, instead, resort to a practice called pharming, in which they target an organization’s DNS server in order to change the IP address associated with the website name. This provides them an avenue to redirect users to malicious websites that they set up.

To guard against pharming, it is important to tell your staff to make sure that they are entering their credentials into a secured site. The best way to determine if the website or web tool a person is trying to access is secure is to check that its address is marked with “https” and has a small lock next to it. Having strong, continuously patched antivirus on your organization’s machines is also important.

With proper training and solid security solutions, your company can avoid falling for the immense number of phishing attacks that come its way. To learn more about how to secure your business, and what tools are best to help you do just that, call the IT professionals at Washington Works today at 301-571-5040.
