It’s almost summer, which means hot and sunny vacation days are right around the corner. Do you know who isn’t taking time off this summer? Cybercriminals! Even if you’re taking a much-needed break, a relaxed brain shouldn’t be a complacent one. It’s never too warm to learn about more advanced phishing techniques. Check these out before slathering on that layer of sunscreen.
Advanced Phishing Techniques
Calendar phishing is when cybercriminals send calendar invites containing links or attachments. Their goal is to get you to click the link or open the attachment, both of which install malware onto your computer. Calendar phishing attempts often look like innocent RSVPs to events or meetings. To avoid calendar phishing attacks, change your calendar settings so that it doesn’t automatically accept invitations and accept invitations only from trusted parties.
Spear phishing is a very targeted attack. Much like actual spearfishing — focusing on one specific fish and catching it with a fishing spear — spear-phishing specifically targets victims using known information, such as their position within a company, hobbies or likes voluntarily shared over social media. With so much information readily available online, it’s very easy for cybercriminals to design very specific and personally tailored phishing emails that are more likely to be successful.
Angler phishing occurs when a scammer poses as a representative of a company’s customer support. This type of scheme got its name from how similar it is to angler fishing techniques in which a stationary fisher repeatedly casts their line and hook into the water, hoping for someone to take the bait. These phishing attempts are typically done by vishing or voice-phishing, but they can also be attempted via email or social media.
Whaling is a type of spear phishing that targets a company or organization’s senior management — the big fish in the sea. The tactic involves offering upper-level officials enticing offers or faked customer complaints. Cybercriminals rely on the fact that senior management can be too busy to properly review a message for the tell-tale signs of phishing.
Advanced Phishing Protection
With so much information readily available online, it’s very easy for cybercriminals to design very specific and personally tailored advanced phishing techniques that are more likely to be successful.
Employees need ongoing anti-phishing training and simulation tests to protect against these techniques, especially since phishing attacks are continuously getting more sophisticated, and social engineering attacks can have costly consequences, such as compromised data and damaged networks. Contact us today to learn more about how you can build your Human Firewall to protect your organization.