Understanding Phishing: A Critical Cybersecurity Threat
2 Jul 2024
In today’s digital age, cyber threats like phishing pose significant risks to organisations of all sizes. At LoughTec, we understand the importance of addressing these threats to protect our clients from potential compromises and data breaches.
The Ubiquity of Phishing
Phishing remains one of the most prevalent methods used by cyber attackers to gain initial access to systems. Approximately 9 out of 10 cyber-attacks that we encounter start with a phishing email. These deceptive emails are designed to trick recipients into giving out sensitive information.
Advanced Strategies in Spear Phishing
We have observed some underground forums and found that advanced threats increasingly rely on spear phishing to harvest credentials from specific targets for their campaigns. However, there isn’t enough attention given to the opportunistic role of InfoStealer malware in initially compromising organisations. InfoStealer malware is a type of malware that spreads with the intent to gather as much reconnaissance data as possible, including credentials, fingerprints, and valid session cookies. Subsequently, initial access brokers sell these corporate credentials to the highest bidders, who may attempt to escalate privileges, and even deploy ransomware, compromising the organisation’s security further.
Everyone is susceptible to a phishing attack. Often, phishing emails are well-crafted and it can take a trained eye to tell the genuine from the fake. There are, however, ways to make yourself less of a target. Below are our ten top tips to stay safe online and to be able to spot a phishing email.
Name of Sender Can Trick You
Email addresses and domain names can be easily spoofed. It is, therefore, crucial that you check the domain name for spelling alterations on suspicious emails. Even if they appear to have come from a trusted sender, always double-check.
Check For Typos
Attackers are often less concerned about being grammatically correct. This means that typos and spelling errors are often evident in messages. Such errors in an email could be a good indication that the message is not genuine.
Don’t Share Sensitive Information Hastily
Any email that asks for sensitive information about you or your company is suspicious. For instance, no bank will ever ask for personal information over an email. Directly call your bank to ascertain if an email is genuine or not.
Don’t Fall For URGENCY!
Phishing attacks use scare tactics such as urgency and authority to trick victims into taking immediate action. Emails that ask you to share personal information or to make cash transactions are… ‘fishy’.
Hover But Don’t Click
Hover over URLs. If the address shown on hover does not match the display text, or if it seems strange, DO NOT click on it. This also applies to attachments: hover over an attachment to check for an actual link before you click on it or download it. But, if you are still unsure of the sender, do not click on the link.
Is It Too Good To Be True?
If it sounds too good to be true, chances are it is! Phishing attacks use fake rewards to tempt victims to take action. You wouldn’t win a lottery if you never participated.
Keep Your Devices Up To Date
Devices, and the applications on them, are more susceptible to attacks when systems are not updated. Maintain your antivirus and regularly check for updates.
Regularly Check Your Accounts
Check your accounts regularly to ensure that no changes have been made without your knowledge. Staying on top of your accounts, and knowing what data is held in each, will make spotting a phishing attack easier.
When In Doubt, Call It Out
If you suspect that the security of your work device or data has been compromised, inform your cyber security team or your manager immediately.
For more information on Cyber Security for your organisation, contact LoughTec. Telephone: +44 (0) 28 8225 2445 or email info@loughtec.com
LoughTec are a leading provider of cyber security solutions and help hundreds of companies in the UK & Ireland with Cyber Security Training, Cyber Essentials Accreditation and IT Support.