ICS Data - 5 Ways Phishing Threatens Your Business

5 ways phishing threatens your business

To a cybercriminal, you’re nothing more than a big, juicy fish. Kind of.

The act of sending out malicious emails to trick people into willingly giving up their information is known as “phishing”. Because, much like fishing, criminals wait for you to take the bait before striking.

What phishing is:

Instead of malicious code and software, the cybercriminal depends on deception and simple trickery to gather personal or sensitive information from the victims.

From there, they gain access to critical files, data, and information.

What phishing isn’t:

Phishing is often confused and grouped with hacking. But it’s not the same thing.

Hacking requires the knowledge of programs and code that exploit (or create) gaps in security infrastructures. In other words, hacking extracts information involuntarily, while phishing requires users to hand over information willingly.

It isn’t a straightforward trick that you can easily ignore.

It requires constant attention, intelligence, and a basic sense of awareness. Dealing with phishing attacks has become a natural part of running a business: in 2018 alone, there were an estimated total of 482.5 million attacks that went out to businesses.

The scary part? Not all phishing attempts are created equal.

Here are 5 different phishing attacks and the ways that they threaten your business.

Clone Phishing

When cybercriminals get their hands on an email, they can do a lot with it.

For starters, they analyze everything – from the user-sender relationship to the tone and language used in the email. With this information, they can create an almost identical email that can be nearly impossible to distinguish from the real version.

The difference with the clone is that it usually claims to be a “resend” of the original email due to one reason or another.

How it threatens your business:

Clone attacks don’t just infect your network – they’re the catalyst for infections that push them along to other devices across the network. If left unblocked, they can quickly spread to all your staff.
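One way a mail filter could catch the “resend” pattern described above. This is an added example, not code from the original article: it assumes single-part plain-text messages, and the function names, similarity threshold, and sample messages are all made up for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample messages (reserved .example/.test domains), not real mail.
ORIGINAL = """\
From: Billing <billing@vendor.example>
Subject: Invoice 1042

Hi Dana,

Your invoice for March is ready. View it here:
https://portal.vendor.example/invoices/1042

Thanks,
Billing
"""
CLONE = (ORIGINAL.replace("vendor.example", "vendor-example.test")
         .replace("Your invoice", "Resending with the corrected link. Your invoice"))

def _parts(raw):
    """Return (sender domain, body with URLs masked, set of link hosts)."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = msg.get_payload()  # assumption: single-part plain-text message
    hosts = {urlparse(u).hostname for u in URL_RE.findall(body)}
    return domain, URL_RE.sub("<url>", body), hosts

def clone_findings(original_raw, incoming_raw, threshold=0.75):
    """List the reasons an incoming message looks like a clone of a known one."""
    o_dom, o_body, o_hosts = _parts(original_raw)
    i_dom, i_body, i_hosts = _parts(incoming_raw)
    # URLs are masked first so a swapped link does not hide a near-identical body.
    if SequenceMatcher(None, o_body, i_body).ratio() < threshold:
        return []  # not a near-copy of the known message
    findings = []
    if i_dom != o_dom:
        findings.append(f"sender domain changed: {o_dom} -> {i_dom}")
    new_hosts = i_hosts - o_hosts
    if new_hosts:
        findings.append(f"new link hosts: {sorted(new_hosts)}")
    return findings
```

A genuine resend from the same sender with the same links produces no findings; a near-copy whose sender domain or link hosts differ from the original is what gets flagged.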

Website Forgery

This web-based attack is also known as a “deceptive site”.

The cybercriminal goes through the process of building a site that is nearly an exact replica of the target website. When a user arrives on the site, they browse it like they would for the original site, since it contains the exact same functionality.

Often, the user won’t be able to tell that they’re on a fake site because a fake URL will be overlaid over the address bar on the site.

And once the user submits any information on the site (such as email addresses, passwords, credit card info, etc.), the criminal has won.

This attempt is hard to spot, and even harder to defend against. The credit giant Equifax recently fell for a website forgery attempt, and actually directed its users to go to the fake site by accident.

How it threatens your business:

If your staff and customers fall victim to this attack, it’s bad news. The onus is on you to be vigilant and ensure that you’re keeping your website free of forgery.

Phone Phishing

Phishing attempts don’t always find you through an email or a browser.

Sometimes, the most convincing attempts actually come from phone calls. Usually, the cybercriminal will use untraceable VoIP services to conduct the calls.

The attempts usually go something like this: first, they claim to be important services, such as debt collectors, banks, and hospitals. Then, they prompt their users to enter information such as account numbers and PINs.

When the criminal has what they want, they simply hang up and move on to their next victim.

How it threatens your business:

Untrained staff can accidentally hand out sensitive information without ever giving it a second thought.


Spear Phishing

Generally speaking, phishing targets the masses. Rather than a fishing pole, it’s more accurate to think of it as dragging a large net. It’s imprecise, and it tricks only those that don’t know what to look out for.

But spear phishing is nowhere near as clumsy and imprecise as most other types of phishing.

Spear phishing targets a specific company or group of individuals. Criminals behind this approach take their time; they gather as much information as they can before taking any action.

Because of this, spear phishing attacks often take many months, and in some cases, even years. In other words, while the approach is usually like other types of phishing, there is a massive amount of research behind each and every word.

The scary part is that they’re incredibly common – 95% of all attacks on enterprise networks are the result of successful spear phishing.

How it threatens your business:

Spear phishing targets key decision makers and information holders within an organization. If a single one of them falls prey to the highly targeted message, it could cause irreparable damage to operations.


Whaling

The most dangerous type of phishing is actually a variant of spear phishing.

Whaling earns its name because it goes after the biggest targets in a business – the executives. The content of whaling attempts typically deals with executive-level issues while carrying itself as an important email.

Often, they disguise themselves as legal subpoenas, customer complaints, or as fellow executives needing important information.

How it threatens your business:

Once the executive of the company falls for the scam, the company can suffer greatly and even shut down completely.


What can you do to protect your business?

Phishing schemes are tricky cyberattacks to deal with.

Ultimately, the best defense is user awareness and proper security training. To make sure you’re getting ample security support, it’s always good to partner with an IT security professional that can ensure you’re both protected via advanced security measures AND user training.

Luckily, we know just the people to talk to.