Are you aware of the latest phishing attacks threatening your systems?
Email security has had to most certainly `up its game` over the years. Staying ahead of malware and ransomware attacks, growing in sophistication while still allowing your business to do what it needs to for it to work.
With reports continually in the news regarding threats and attacks on people’s data and private and confidential information, it's no wonder that SonicWall email security has seen a rise in demand.
Phishing is now the most common attack carried out by cybercriminals. Becoming more sophisticated in their approach and targeting, these email threats now demand recipients to act. To click on a malicious link, open a corrupt and virus-ridden file, providing personal details so access to information can be stolen, and so much more.
These threats continually try and work their way around email security software. With a recorded 26 million phishing attacks taking place worldwide (according to the 2019 SonicWall Cyber Threat Report), the average SonicWall customer faced a staggering 5,488 phishing attacks alone.
Common Phisher Tactics
As we become better at spotting and blocking unsolicited emails and links, etc., businesses are also now taking the necessary precautions in training staff to be able to detect such malicious threats too.
However, those carrying out the phishing attack are also changing their tactics, reducing the volume of emails they send out and instead, sending much more targeted phishing attacks.
Below, we’ve provided the top 5 tactics phishers will use to steal your identity, deploy malware, infiltrate your systems and networks, and damage your brand.
1. Compromised credentials
Compromised credentials spawn from account takeovers, using ID and password combinations to carry out attacks from the inside. It ultimately involves compromising employees work credentials by launching a credential phishing campaign or worse, by buying these credentials on the Darkweb. These stolen credentials are then used to access certain information, systems, data, etc. In January this year, Troy Hunt, security research, found approximately 773 million email addresses and over 20 million passwords available for sale on Hacker. How long they had been, there is anyone’s guess and is also the scariest part.
2. Fake websites
Malicious URLs are one of the more innovative approaches a cybercriminal can take. Creating phishing websites to gather login details and personal information.
It’s reported that over 1.5 million phishing websites are developed and deployed every month, with the detection of such sites becoming much harder because phishers will use multiple redirections and URL shorteners.
It’s also good to be mindful that some phishing sites even have HTTPS and SSL certificates in place, making it much harder to spot a fake at first glance.
Popular document sharing and collaboration sites are the most targeted. Creating fake login forms and using them as a platform to distribute malicious payloads.
3. Business Email Compromise (BEC)
BEC is a serious scam which targets those businesses working with foreign suppliers, or indeed those businesses who regularly carry out wire transfer payments. In each case email accounts are compromised through social engineering or computer intrusion techniques, conducting unauthorised transfers of funds.
Unfortunately, these types of attacks are difficult to spot and stop because they don’t actively contain any malicious links or corrupt files, rather just another email from a “trusted sender†requesting a transfer in funds.
SonicWall email security software works hard to counteract such attacks, as well as provide teams with the vital signs on how to spot a fake.
4. Targeting of Office 365 Applications
With Office 365 growing as the most popular choice when it comes to a cloud-based email platform, it shouldn't come as much of a surprise that Microsoft is now the most impersonated brand online.
As the Office 365 subscription platform is open to anyone with a credit card, cybercriminals are finding these security features very accessible and easy to target.
5. Corrupt/Malicious Files
Sending a corrupt attachment or PDF is the most popular form for malicious payloads such as ransomware and malware. Taking advantage of people’s trust that PDF files are safe, these new PDF fraud campaigns are increasing at pace.
Email security is your best defence against all and any attacks. Protecting your business, your employees’ credentials, and your reputation and brand all at the same time.
Don’t let phishing attacks threaten how you run and manage your business.
Contact us today to find out how we can help you.