What Is Phishing?
The most common social engineering attack, phishing is, simply, a ruse that tricks a user into giving access, data, or money to bad actors.
During a phishing attack, the bad actor pretends to be a person or organisation known to, and trusted by, the target and asks for access to a system or for financial information. The end goal of phishing is financial gain, access to a secure system, or both.
How Does a Phishing Attack Work?
A phishing attack has multiple steps:
- The threat actor identifies a target. That target is often an internal user at an organisation. However, individual consumers can also be targeted by attacks.
- The threat actor pretends to be a trusted source for that user, be it an IT person or a representative from a trusted organisation, and contacts the target. The traditional route for phishing is email.
- The threat actor convinces the target to either give them access to secure systems, give them financial data (or other valuable data), or both.
Example of a Phishing Attack:
American Airlines recently disclosed a data breach in which phishing techniques were used to gain access to employees’ files and data. The bad actor was able to compromise a single employee’s Microsoft account, and then used that account to send phishing emails to other employees, requesting access to more assets.
Phishing vs. Smishing?
Smishing, short for SMS phishing, is a form of phishing that utilises mobile devices. As mobile devices have become more common tools for employees, especially as part of multi-factor authentication, bad actors are targeting these devices more.
The Anti-Phishing Working Group (APWG) “Phishing Activity Trends Report” noted that smishing attacks increased 70% in Q2 of 2022.
What Are Common Phishing Techniques?
Email phishing is a cyber attack that uses email as the method of contacting potential victims. These attacks are typically mass-emailed campaigns that cast a wide net, with phishing “lures” sent to a vast number of recipients. The emails include a malicious link or attachment and try to get the person receiving the message to click on the link or open the attachment by expressing a sense of urgency, inciting fear or curiosity, or using some other enticing message.
Phishing conducted over a phone call is called vishing. During vishing calls, cybercriminals often impersonate people of authority, such as an IRS agent, a bank representative, or even a tech support person, to scare the target into taking action. The interaction moves fast: the caller tries to confuse and fluster the potential victim, which makes it much easier to get the would-be victim to comply with the request.
Smishing uses text messages (SMS) to send its malicious link. Anyone who owns a smartphone has likely received a text saying they won a prize, or a message with a similar lure. Attackers may also impersonate a legitimate company to entice the recipient to divulge sensitive information or download a malicious file.
Spear phishing typically involves a greater degree of social engineering. Such attacks target specific people with personalised emails that include valid information about the recipients to convince them of the sender’s legitimacy. Cybercriminals may root around on social media for information or just use an educated guess.
How to Spot a Phishing Attempt
A phishing attempt, whether it comes through email or through a mobile device, usually has similar characteristics that can help a target identify the threat:
- There are misspellings or obvious grammar issues
- The message asks for sensitive, valuable, or financial information
- The message contains suspicious links
- The message has a sense of urgency
- The message is from someone who has never contacted you before, for example the CEO of your organisation
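As an added illustration (not part of the original article), the checklist above expressed as a small rule-based triage function in Python, run over two constructed sample emails; the known-sender set, keyword lists and misspelling list are assumptions standing in for an organisation's own data.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed for illustration: the known-sender set models "someone who has never
# contacted you before"; the keyword and misspelling lists are assumptions.
KNOWN_SENDERS = {"alice@example.com", "helpdesk@example.com"}
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "will be suspended")
SENSITIVE_WORDS = ("password", "credentials", "bank account", "wire transfer")
COMMON_MISSPELLINGS = ("acount", "verifiy", "recieve", "immediatly")  # real check: a dictionary
IPV4_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def spot_phishing_signals(raw_message: str) -> dict:
    """Flag the five checklist traits in one plain-text email; 'score' counts how many fired."""
    msg = message_from_string(raw_message)
    match = re.search(r"[\w.+-]+@[\w.-]+", msg.get("From", ""))
    sender = match.group(0).lower() if match else ""
    sender_domain = sender.split("@")[-1]
    body = msg.get_payload().lower()  # single-part text bodies only

    def link_is_suspicious(url: str) -> bool:
        host = (urlparse(url).hostname or "").lower()
        if IPV4_HOST.match(host):  # raw IP address instead of a hostname
            return True
        # link leads somewhere other than the sender's own domain
        return host != sender_domain and not host.endswith("." + sender_domain)

    signals = {
        "misspellings": any(w in body for w in COMMON_MISSPELLINGS),
        "asks_sensitive_info": any(w in body for w in SENSITIVE_WORDS),
        "suspicious_links": any(link_is_suspicious(u) for u in URL_RE.findall(body)),
        "urgency": any(w in body for w in URGENCY_WORDS),
        "unknown_sender": sender not in KNOWN_SENDERS,
    }
    signals["score"] = sum(signals.values())
    return signals

# Constructed sample messages (documentation-range IP, example.com addresses).
PHISH = """From: IT Support <it-support@example-support.net>
Subject: Urgent: acount verification

Your acount will be suspended within 24 hours unless you confirm your password
at http://203.0.113.5/login immediately.
"""
LEGIT = """From: Alice <alice@example.com>
Subject: Lunch tomorrow

Are you free at noon? The menu is at https://cafe.example.com/menu
"""
```

The phishing sample trips all five signals (score 5) while the benign one trips none; in practice such a scorer is a triage aid for a mail gateway or a user-reported-phish queue, not a substitute for analyst review.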
How To Prevent Phishing Attacks
1. Employee Security Awareness Training
Employees are the first line of defense when it comes to social engineering attacks. They are the targets and the ones who can stop the attack before it begins. The best training is frequent, engaging, and works to educate users on new threats.
2. Employ Multi-Factor Authentication
Multi-factor authentication helps prevent unwanted access by requiring a user to verify their identity before gaining access. This control can stop a phishing attack: even if the bad actor obtains a user’s credentials, they still cannot complete the multi-factor authentication verification.
3. Rotate Passwords Frequently
A threat actor can’t use credentials once those credentials have been changed. In addition to password rotation, many organisations utilise a credential vault, which prevents users from ever knowing the passwords in the first place.
How Arctic Wolf Can Prevent Phishing
The Arctic Wolf® Managed Detection and Response (MDR) solution provides 24×7 monitoring of your networks, endpoints, and cloud environments to help you detect, respond to, and recover from modern cyber attacks. If a spear phishing attempt becomes a successful attack, MDR can immediately detect the new behavior and alert your IT team, helping you mitigate the attack.
Arctic Wolf® Managed Security Awareness employs engaging micro-learning sessions that help employees recognise social engineering tactics to prevent future threats from becoming data breaches.