As the holiday season quickly approaches, hackers are hard at work targeting businesses and consumers. Now is an excellent time to review traditional phishing methods and the evolution of tactics we’ve seen this year. Even though most people can recognize and avoid email phishing attacks, they still account for 90% of data breaches. This time of year, consumers look for deals in their emails, and criminals are getting much more strategic with phishing campaigns.
Hackers are trying to steal a wide variety of data with phishing techniques, including personal and financial information, login credentials for retail sites, or business login credentials to install malware and steal business data. Since the pandemic, shopping from work computers and accessing work data from personal computers has become such common practice criminals are using retail phishing tactics to attack business resources.
Email phishing is still the top phishing tactic, even with all the consumer education and email filtering. Phishing emails typically create urgency or work on the reader’s emotion to click a link. Phishing email campaigns target a large number of users, normally sent out to thousands of people, hoping a percentage will click on the link.
Spear phishing is the next most prominent type of phishing. Spear phishing campaigns target individual users with information pertinent to that person. Spear phishing emails may use your name, city, bank, workplace, or other publicly available information.
Smishing is the third most prominent type of phishing. Smishing uses text or SMS messages to initiate the attack. Common smishing techniques are fake discount deals, delivery confirmation, and password recovery.
All phishing attack vectors attempt to create urgency or work on the emotions of the user. They may offer a black Friday deal or say that your account needs attention because the password has been changed. A common vector is to ask the user to confirm an expensive online order or show a fake shipping confirmation for a retailer you frequent. The holiday season is a great time of year to remind employees and family members of the dangers and tactics of phishing campaigns.
Quanexus IT Support Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.
