phishing attack

Beware of These Four Things in Phishing Attacks

According to a report from Radware, the average cyberattack now costs a business $1.1 million. That is a considerable loss for any business to absorb. 

While phishing is one of the oldest tactics for cybercriminals, it is still one of the most common and it is still effective to this day. Much of this is due to the fact that criminals keep adapting this tactic to overcome many of the security measures, from email verification tools to firewalls, that businesses use to prevent phishing attacks.

The following are four of these newer tactics and some tips for what a business can do to protect against them.

Phishing with Shared Files

Most email services now scan for malicious links. To overcome this layer of protection, cybercriminals have adjusted their tactics by sending a link to a file hosted on a legitimate service like Dropbox or Google Drive. When you go to the document, it will have a link that will take you to a fake login page that asks you to authenticate to view the file.

One of the best ways to protect against this type of attack is to have all of your employees start using a password manager. Since the password manager will only provide your sign-in credentials to the real site, there is no threat of your password being compromised by one of these fake login pages.

Phishing from Messaging Apps

Since most email services now have measures to protect against phishing attacks, criminals have adjusted by using many of the same tactics in messaging apps. According to a report from PhishLabs, there has been a significant increase in phishing attacks through SMS services.

Awareness is the best tool to prevent these types of attacks. Many of these SMS attacks use the same phishing tactics that you would see in email. Train your employees to treat SMS communication with the same scrutiny they would apply to email.

Read More: Secure Messaging for Confidential Communication

Phishing for SaaS Credentials

There is an increasing trend of phishing attacks that target the SaaS credentials of employees. Once a criminal has a password to an account for something like Office 365, Slack, or Dropbox, they then have access to a wealth of company information. From there, they can then impersonate someone from the company to further any number of criminal schemes.

Awareness is one way to protect against compromised accounts, but you should also implement multi-factor authentication. With multi-factor authentication, a criminal will need more than just login credentials to gain access to your SaaS accounts.

Interactive BEC Attacks

Attacks that involve business email compromise (BEC) are not new, but there is a new tactic being used. With the new BEC attacks, the scammer will pretend to be someone at the company and start an email conversation with the target. They will rely on information they have about the two parties to give a convincing performance, and they will usually send a few emails back and forth before making a move to get the person to send money or documents.

The best way to protect against this type of attack is to have employees confirm requests sent through email in a different communication channel. When a sensitive request comes through, coach them to call the person on the phone, send them a text, or contact them through a messaging app. 

While it is important to keep an eye on the latest trends in cyberattacks, a business owner needs to recognize that cybersecurity is a never-ending battle. You need to be aware of the types of attacks that may target your company, take measures to protect against them, and train your employees to know how to identify and respond to different types of phishing attacks.

Read More: Online Privacy Checklist ☑️