Phishing: The scam that won’t quit

Aug 31, 2023 | News

With all the noise surrounding AI, digital transformation, cloud strategy and associated security these days, you could be forgiven for thinking that phishing and other malicious cyber-attacks are in hand and on a downward trend. Unfortunately, you would be mistaken.

As of June 2023, the number of reported scams received by the National Cyber Security Centre (NCSC) stood at more than 21 million. Although this resulted in 133,000 scams being removed across 242,600 URLs, these figures show that the war against the scammers still rages. Moreover, the scammed remain on the back foot.

Cyber-attacks, particularly those related to cloud environments and applications such as AWS, Azure and Office 365, cause untold damage to a wide range of businesses. Issues currently being reported range from phishing emails with links and attachments, to the spread of malware and ransomware, to attacks on vulnerable cloud environments. All are capable of paralysing business operations, and, in some instances, personal and business information is leaked and processed via the dark web.

We know it’s a complicated and evolving subject area, and that’s why we’ve compiled this list of the phishing attacks posing the greatest threat to organisations today, and what you can do to ensure the phishers don’t get their hooks into your business.

The most common types of phishing attack:

Email phishing attacks

Email phishing is still the most common type of phishing attack. An attacker sends a fraudulent email that appears to be from a legitimate source, such as a bank, an online retailer, or a social media platform. Typically, the email will ask the victim to click on a link or download an attachment, which then installs malware on their device or directs them to a fake login page to steal their credentials.

Smishing attacks

This increasingly common type of phishing attack targets mobile devices through SMS or text messages. The attacker either sends a message with a link or asks the victim to call a phone number and then tricks them into sending over money or sensitive data.

Vishing attacks

Otherwise known as ‘voice phishing’, a vishing attack involves the targeting of victims via phone calls, often impersonating a bank or someone the individual knows and trusts. Attackers create a sense of urgency or fear during the calls to convince the victim to send money or sensitive information.

Pharming attacks

In this type of attack, the cyber-criminal redirects the victim to a replica website of a trusted brand by altering the DNS settings or using a malware-infected computer. The fake website looks identical to the legitimate one, and the goal is to steal the victim’s sensitive information.

Whaling attacks

A whale-phishing attack is so named because it goes after the ‘big fish’ or ‘whales’ of an organisation, typically those within the C-suite or otherwise in a position of corporate seniority. These individuals are targeted because they are more likely to possess information that can be valuable to attackers, such as proprietary information about the business or its operations.

Spear phishing attacks

Though rarer, spear phishing is a particularly insidious and specific type of targeted phishing attack. Here, the attacker spends time researching their intended target and then sends them messages they are likely to find personally relevant. These types of attacks are fittingly called ‘spear’ phishing because of the way the attacker zeroes in on one specific target. As messages often seem legitimate, it can be especially difficult to spot a spear-phishing attack.

Fighting the Phishers

There are certain rudimentary steps you can take to protect yourself against phishing. As criminals use publicly available information about you and your organisation to make their phishing messages more convincing, you can reduce the likelihood of being phished by thinking about what personal information you share and by reviewing your overall cyber security settings.

However, such steps will only provide a thin layer of protection. As today’s scammers use increasingly sophisticated methods to defraud and threaten, businesses need defences that can handle the onslaught.

At Vaioni, we provide our customers with a comprehensive assessment that includes an actionable plan with key timings and recommendations on fixes or remediation. Working with our best-in-breed Gartner Magic Quadrant cyber partners, our approach to security and data security means we can equip you with the tools to recognise, evade and respond to threats.

We can also integrate IPSEC/SSL VPN, Antivirus, Antispam, Ransomware protection, Web Filtering CASB, Application Firewall, and AI into a single agent, thereby enforcing centralised security policies on the agent, without forcing you to use a single secure exit point to the Internet.

Financial threat, reputational damage as a result of business paralysis, and inadequate security both threaten your bottom line and run the risk of putting you on the wrong side of the law. Drawing on our expertise, pedigree, partnerships, and technology infrastructure, we mitigate this risk and protect business-critical operations, preventing costly network downtime and safeguarding data.

Moreover, all our assessments are undertaken remotely, ensuring you’re able to concentrate on running your business while our experts do the rest.

 

 
