Categories
Casserly Consulting Blog

How to Spot Three Forms of Phishing Attacks


One of the crazy things about hackers is that they will do whatever it takes to ensure that they steal as much information and sensitive data as possible. One of the more innovative ways that hackers spread threats is through spam. Unwanted messages have grown from simple annoyances, to the spread of unwanted software and malware, all the way to sophisticated attacks on targeted individuals known as phishing attacks. Do you have ways to secure your business?

Phishing attacks come in various shapes and forms. Here are some of the most common ways that hackers will use elaborate phishing attacks to scam your business, including phone calls, normal emails, and social media.

Phishing Calls
If you receive calls from strange numbers that don’t leave messages, there’s a solid chance that you could be the target of a phishing call. These calls are designed to target specific employees within your organization and coax information out of them. The caller might claim to be from IT support to obtain a printer model number, or might be hoping to steal usernames and passwords. Either way, the point stands that your organization contains lots of information that a scammer finds helpful.

It’s incredibly important that you teach your employees to know the difference between a fake phone call and a real one. Have them put callers through the wringer to establish their authenticity (or lack thereof). You should always cross-check contact information before giving up any information to anyone. When in doubt, simply don’t give away anything important.

Phishing Emails
While a phishing phone call will pressure your staff to make an immediate decision, a phishing email will likely give you more time to decide if you want to hand over information or commit to a decision. Tailor-made and customized phishing messages, written to steal specific information from a specific user, have risen in popularity. Oftentimes, phishing emails will try to convince the user to click on a malicious link or download an attachment.

Implementing a spam filter and employee training exercises can go a long way to secure your company from phishing attacks. However, it’s still important to be able to identify the giveaway signs of spam and phishing. You should look for spelling errors or incorrect grammar, falsified information, and just about anything else that doesn’t belong. Still, phishing messages have become more elaborate than ever before, so make sure to consult security professionals if you truly can’t tell the difference between a real and fake message.

Phishing Accounts
It’s easy to use social media for bad purposes. Hackers can use it to attack their targets through the identity of someone else. A hacker can take on any identity they want, which makes phishing accounts even more difficult to identify, particularly if they have taken the identity of someone you might know. In general, just try to avoid messages that come out of the blue, and use your previous interactions with the sender to see if they are (or aren’t) who they claim to be.

Overall, just ensure that you approach potential phishing incidents with skepticism. It’s the best way to make sure that your business doesn’t fall to spam and phishing attacks. To learn more about how you can secure your company, reach out to us at PHONENUMBER.


Someone’s Trying To Phish You… Do You Play Along?


Phishing scams have been popping up for years, and their most infamous attack vector has even become a punchline: some long-lost relative stuck in a far-off country suddenly reaches out, offering riches, but only if a certain amount of money is provided first. People from all walks of life have been duped by these scams, and while not all of them are this transparent, most are pretty easy to spot.

There may be some temptation to strike back in retribution against the criminal who targeted you by driving them crazy and wasting their time. Unfortunately, as tempting as such activities may be, they are not a good idea. Take it from the cyber security researchers who have tried: cybercriminals do not take well to mockery, or to having their time wasted. A researcher from Malwarebytes, Jerome Segura, found out firsthand when he used a virtual machine to follow a scam to see where it would lead.

With his device recording everything that played out, Segura first interacted with a female who claimed to have found many, many issues on his device that needed to be resolved before his system was corrupted. Not only that, but Segura was told that his software warranty had recently expired, and he would have to pay the $299 renewal fee to another representative.

Of course, Segura didn’t supply the correct payment credentials, which tipped off the hackers. The hackers then seized control of Segura’s computer, deleting all of his files and his Ethernet adapter driver before calling Segura a rude word and disconnecting.

While these sorts of stories may seem comical in hindsight, they are no laughing matter. This is especially true when things get much more serious.

Take Jakob Dulisse’s story. The wildlife photographer received a call to his home in British Columbia from “Windows Technical Support” in Los Angeles. Coming to the conclusion that this was an attempt to scam him, Dulisse played along before accusing the caller of being “a scammer, a thief, and a bad person.”

The person on the line did not react well at all. Describing himself as a killer, the caller claimed that his group had people in Canada who would cut their victims into pieces and dispose of them in the river.

Other scammers will simply install remote access software as their target decides to mess with them, opening the door for them to come back later, as other cyber security professionals have found.

It is important to remember that these researchers are, in fact, professionals, which means they are better equipped to deal with such threats. It is their job to discover what means of attack cyber criminals are using, and to share the best response. This is not how the average business user should handle this situation. Instead, the business owner should file a report with the authorities and alert both their Internet service provider and their managed service provider.

An MSP can help make sure that you are fully prepared to handle any cyber security threat that darkens your business’ door. Give COMPANYNAME a call at PHONENUMBER today.


Study Finds Social Media Phishing Scams to Be the Most Dangerous

Ordinary fishing, where you hope for a simple-minded fish to latch onto your hook, relies on using a proper lure. The same can be said for the virtual method of phishing, where a hacker will use a similar type of “lure” to convince the target to bite. These phishing scams are especially useful for hackers who want to take advantage of social media to find new targets. A recent study has shown that this is a surprisingly effective method of phishing.

For its report, phishd by MWR InfoSecurity orchestrated a simulated phishing attack that attempted to target a million users. ITProPortal told of their findings: “Almost a quarter of users clicked a link to be taken to a fake login screen. Out of that number, more than half (54 percent) provided user credentials, and 80 percent downloaded a file.”

This means that about 10 percent of users fell victim to the first two stages of the simulation and gave up their account credentials. Now, compare this rate to how often a normal scam, like spam, accomplishes its goal. While the typical spam message will only have a fraction of a percentage point rate of success, social media provides a substantially larger chance of success to hackers.

James Moore, the Managing Director of phishd by MWR InfoSecurity, states: “More concerning is that out of those targeted with a social media request or a promotional offer, more than 10 percent downloaded a potentially malicious file via their corporate email accounts.” This is especially a problem because so many people connect their social media accounts to their work accounts, which is risky business for any organization that wants to avoid a critical data breach.

If anything, this study shows why your business needs to keep data safe. This includes being capable of identifying phishing scams and responding to them properly, but also implementing security tools like antivirus, spam blocking, and content filtering. If you’re very concerned about social media phishing, you can go so far as to block social media websites completely on your network. Additional measures such as comprehensive training can help your users identify phishing attacks both in and out of the office, on a variety of platforms. Oftentimes, the lures used by hackers can be so tantalizing that they’re able to bypass your security, so the only thing standing between you and a data breach is the knowledge you’ve imparted to your users.

You can’t trust anyone on the Internet, be it a new friend on social media, a new entry into your address book, or a seemingly-legitimate website. You have to be ready for anything, but this can be a daunting task. Thankfully, you don’t have to endure it alone. With COMPANYNAME by your side, you’ll be prepared to handle any cyber threat. To learn more about what we can offer your business, reach out to us at PHONENUMBER.