Human Hacking with Phishing attacks.

Social engineering is commonly called human hacking: it works by tricking unsuspecting users into willingly giving up sensitive information. Phishing is the most common vector for these attacks, and if you’re not concerned, you should be!

How does phishing work?

It’s estimated that over 91% of cyber attacks started with some sort of phishing. To capture a user’s login credentials, get a program executed, or gain valuable information, hackers have found ways to craft emails and messages that look legitimate enough to fool people into complying with them. A phishing attack is usually targeted at specific users or groups and contains information relevant to them. The messages generally want your information, whether credit card numbers, passwords, bank details, or anything else of value. Some messages carry attachments that appear harmless but contain an executable payload that can give a hacker a backdoor into your network. Attackers go to great lengths to look authentic and can clone an email or corporate website so closely that the average person won’t notice the difference between logging in to the real site and logging in to the attacker’s server.

Common methods, what to watch for

Account verification phishing is seen a lot. You may even have experienced it yourself: it usually starts with an email saying there is a security alert or concern with your bank account. The link in the email is fraudulent and directs you to an illegitimate site that asks for your credentials. This bait is often taken, and users hand their credentials to the scam.

Another method routinely found is cloud file sharing. The email generally provides a link to what appears to be a Google Doc or Dropbox file for your review. The file may be malicious, or the page may once again ask for your credentials. Any time an attachment or file is involved, a phishing attack becomes far more dangerous, because a malicious file can compromise an entire network.

Other methods are more like the average run-of-the-mill scam: a delivery notification for a package from USPS or FedEx that you know you never ordered, a fake invoice showing unpaid services, or a tax scam that appears to come from a government agency threatening legal action.

Best countermeasures to phishing

The best method to defend against phishing is cybersecurity awareness training for users. When an email asks for your credentials, never provide them without verifying with the service or vendor directly. Don’t click links in emails; always go to the legitimate site to check account information. Your users are the last line of defense and also the weakest link in your cybersecurity program. Additionally, technology exists that can filter email and identify attacks through threat intelligence so that the emails never reach users in the first place. Using a combination of these approaches is always the best control a company can have against phishing.
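To make the filtering side of that advice concrete, here is an added example (not code from the original post or from any filtering product) of a small email-filter stage that looks for the indicators described above: a link whose visible text names the real bank while its href points somewhere else, a link host on a threat-intelligence blocklist, account-verification and file-share lure wording in the subject or body, and an executable attachment hiding behind a document-style name. It uses only the Python standard library. The host names, the blocklist contents, the lure phrases and the sample message are all constructed for the demonstration; a real deployment would take the blocklist from a threat-intelligence feed rather than a literal set.

```python
"""Toy email-filter stage for the phishing indicators described in the post.

Added example, not code from the original post. Everything named here
(hosts, blocklist, sample message) is constructed for the demonstration.
"""
import os
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed stand-in for a threat-intelligence feed of known phishing hosts.
KNOWN_BAD_HOSTS = {"secure-login-verify.example", "docs-share-review.example"}
# Attachment extensions that execute when opened.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd"}
# Wording typical of account-verification, file-share and invoice lures.
LURE_PATTERNS = [r"verify your account", r"security alert", r"unpaid invoice",
                 r"confirm your password", r"shared a (document|file) with you"]

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased host of a URL; a bare 'bank.example.com/login' gets a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def looks_like_url(text):
    """True when the anchor's visible text itself reads as a URL or host name."""
    return bool(re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I))

def analyze(raw_bytes):
    """Return (indicator, detail) pairs found in one RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    found, text_blob = [], str(msg["Subject"] or "")
    for part in msg.walk():
        filename = part.get_filename()
        if filename:  # attachment: judge it by its name, never open it here
            if os.path.splitext(filename)[1].lower() in EXECUTABLE_EXTENSIONS:
                found.append(("executable_attachment", filename))
            continue
        if part.get_content_type() == "text/html":
            html = part.get_content()
            text_blob += " " + html
            extractor = LinkExtractor()
            extractor.feed(html)
            for href, text in extractor.links:
                target = host_of(href)
                if target in KNOWN_BAD_HOSTS:
                    found.append(("blocklisted_host", target))
                # The classic lure: the text shows the real bank, the href goes elsewhere.
                if looks_like_url(text) and host_of(text) != target:
                    found.append(("link_text_mismatch", f"{text} -> {href}"))
        elif part.get_content_type() == "text/plain":
            text_blob += " " + part.get_content()
    for pattern in LURE_PATTERNS:
        if re.search(pattern, text_blob, re.I):
            found.append(("lure_phrase", pattern))
    return found

def should_quarantine(indicators):
    """Hold on any blocklisted host or executable, or on two softer indicators."""
    kinds = {kind for kind, _ in indicators}
    return bool(kinds & {"blocklisted_host", "executable_attachment"}) or len(indicators) >= 2

def build_sample_message():
    """Constructed account-verification lure of the kind the post describes."""
    msg = EmailMessage()
    msg["From"] = "Bank Security Team <alerts@secure-login-verify.example>"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Security alert: verify your account"
    msg.set_content("Security alert: verify your account at https://bank.example.com/login")
    msg.add_alternative('<p>Security alert. Please visit <a href="http://secure-login-verify.example/login">'
                        'https://bank.example.com/login</a> to verify your account.</p>', subtype="html")
    msg.add_attachment(b"stand-in attachment bytes", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    return msg.as_bytes()

if __name__ == "__main__":
    hits = analyze(build_sample_message())
    for kind, detail in hits:
        print(f"{kind:22} {detail}")
    print("quarantine" if should_quarantine(hits) else "deliver")
```

Run as a script it prints the five indicators found in the constructed message and a `quarantine` verdict. The point of the `link_text_mismatch` check is exactly the one the post makes about not clicking links: the visible text is what the user reads, the href is where the browser goes, and a filter can compare the two before the user ever has to.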
