Have any question?

Call (403) 210-2927

Get Support

Blog

  1. You are here:  
  2. Home
  3. Blog
  4. Jeremy Meachem
  5. Phishing Can Have Multiple Attack Vectors

OnSite I.T. Blog

Categories
Tags
Categories:   All Categories
Suggested keywords
x

Phishing Can Have Multiple Attack Vectors

Phishing Can Have Multiple Attack Vectors

Phishing is a pressing issue for everyone, not just businesses. The main problem is that the phishing messages keep getting more and more sophisticated and keep coming and coming until, eventually, something negative happens. For this week’s tip, we wanted to discuss the different types of phishing you can encounter. 

Before we get started breaking down the types of phishing there are, let’s review what exactly phishing is. 

Phishing is a Social Engineering Attack

Phishing attacks target users rather than the underlying computing network. These days, with the security controls that many organizations pay good money for, it is even harder to access a computing network without legitimate credentials; and, because of this, it is easier (and more cost-effective) to target the end users. 

As a result, these hackers come up with a scam (or many scams, actually) that target people who may have access to a network that carries with it the sensitive information that most businesses have on file these days. Let’s take a look at some of the types of phishing scams.

Phishing Via Email

The phishing email makes up for over ninety percent of all phishing messages in total. Essentially, they are emails that come into an inbox seemingly through legitimate means and end up scamming the recipient to hand over their credentials. Here is some of the most prevalent information about email-based phishing attacks.

  • They Have Attachments - An unexpected attachment in an email can easily be used as a vehicle for malware and other attacks. These can be either individual documents, or in the form of a ZIP file.
  • They Contain Spoofed Links and Senders - Many phishing emails will appear to come from certain senders or websites, trying to take advantage of the inherent trust that these senders or websites have in the public. Paying close attention to these links and senders will help you catch these efforts.
  • They May Have Serious Misspellings and Grammatical Errors - Most professional communications are (or should be) proofread fairly extensively before being sent. Therefore, an email that presents a lot of these issues is somewhat likely to be a phishing scam.

Phishing Via Text Message

A form of phishing message that is sent via text message is called Smishing: The hallmarks of this type of scam include:

  • Messages from Numbers You Don’t Recognize - Messages that come from non-cell numbers can be a sign of a scammer using an email-to-text service.
  • Messages that are Completely Unsolicited - If a message purports to come from an organization and you didn’t prompt any communication with them, take it with a grain of salt and reach out to that organization through another means.
  • It Contains Personal Information - If there are personal details shared in the message itself, it could very well be a phishing scam, as scammers will try to add pressure on their victims.

Phishing Via Phone Call

Getting a phishing message over the phone is called Vishing. Typically the call will try to determine facts about you to which the hacker will use to gain access to your accounts. Here are a few variables to watch out for:

  • Too Good to Be True Offers - Phishers will often place phone calls promising rewards or perks that are unrealistically appealing.
  • Calls from Authorities - If you receive a call from some organization or higher authority, don’t be afraid to question its validity…particularly if they start pressuring you and/or are trying to scare you.
  • Excessive Personal Details - A lot of your information can be found online so if a caller has more information than they should, that’s a red flag.

Social Media Phishing

Nowadays, phishing attacks are carried out through social media as well. To avoid falling victim to these attacks, keep an eye out for:

  • More than One Account - Some phishers will find someone, make a copy of their profile, and start sending that person’s contacts invitations to connect. This is another time you should separately confirm that someone is who they claim to be.
  • Bogus Links - Social media platforms offer phishers a very convenient means to share out links to fraudulent websites, where personal details can be harvested from unwitting visitors.

We hope this little reminder helps. If you have any questions about phishing, or how to ensure that your employees are sufficiently trained to ward off potential phishing attacks, give the IT experts at OnSite I.T. a call at (403) 210-2927 today.

Tags:
Security Hackers Phishing
4 Things You Can Do to Improve Security When You W...
Give Your Business a Second Chance with Data Backu...

About the author

Jeremy Meachem

Jeremy Meachem

Author's recent posts

More posts from author
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Friday, 17 January 2025

Captcha Image

Free Consultation

Interested in seeing what we can do for your business? Contact us to see how we can help you!

Sign Up Today!

Network Assessment

Our network assessment will reveal hidden problems, security vulnerabilities, and other issues lurking on your network.

Sign Up Today!

Contact Us

Learn more about what OnSite I.T. can do for your business.

OnSite I.T.
429 14th St. N.W. #104
Calgary, Alberta T2N 2A3