How do I spot and stop phishing attacks? - One2Call

Introduction

Phishing is a serious issue with a frivolous name.

According to the UK Government 83% of successful cyber attacks on businesses in 2021 came from phishing attacks. It's impossible to ignore as a major threat to your business.

But as we'll find out in this module, phishing isn't just one thing. It's an umbrella term that covers a wide range of different types of socially-engineered cyber attacks focused on the user, rather than the device.

In this article, we'll break down some of the most common phishing methods and how they work, and look at what can be done to prevent your business from becoming a victim.

Common Phishing Methods

As mentioned above, phishing is an umbrella term referring to a whole range of different attack methods.

Thankfully AJ has put together this excellent video to run you through some of the most common types.

This includes:

• Email Phishing
• Domain Impersonation
• Email Spoofing
• Name Spoofing
• Account Takeover
• Phone Phishing / Scam Calls
• SMS Phishing
• Language & Format
• Brand Spoofing
• Change Validation
• Extortion
• Sextortion
• Fake Attachments
• Fake vs Real Links
• Phishing Message Examples

Use the chapter markers in the progress bar of the video to jump straight to the section on each attack type.

Targeted Attacks Explained

Spear Phishing

In addition to these more general attack types there is a range of very specific and targeted attack types, usually referred to as Spear Phishing. This is because the attack is tailored to a specific individual, usually someone with high level IT access or sign off on company funds. Spear phishers often use data gathered from laying dormant and undetected after a previous successful attack on your network, email inbox or another person's inbox with whom the victim frequently communicates.

Stopping Phishing Attacks

There are a few key elements that make phishing attacks tricky to detect for traditional antivirus programs:

• Attacks often come from trusted email accounts that have only just become compromised.
• Attackers often lay dormant and undetected while they gather information
• Attackers will gradually insert themselves into existing email threads, making detection difficult.
• Your own account could be being monitored, with an attack link only being inserted at the specific point of attack.

When your cyber security software is only checking for suspicious email addresses, IP addresses, links and known attack methods, or specific phrases common to known phishing attacks, it can be difficult to spot these more tailored attacks.

Modern Anti-Phishing Tools

AI-powered anti-phishing software

Which is why a new breed of solutions has emerged. Modern anti-phishing solutions are directly connected to your inbox in order to protect you from inbound threats, outbound theats, and threats that are already in your inbox.

This new breed of solution uses artificial intelligence to create a model based on how you use your emails, who you send to and when, even the type of language you use. This model is then used to spot anomalies potentially inserted

These modern AI-powered anti-phishing services, when applied alongside traditional antiviruses (which will still protect you against a wide range of attack methods), will greatly improve your ability to protect your business against phishing attacks.

Key Takeaways

• What the most common phishing attack methods are.
• How to protect my business against phishing attacks.

Security Awareness Training bolsters your resistance to common phishing attacks.

Further Reading

• What is a "human firewall" and how does it protect my business?
• What are DMARC & DNS and how can they protect my business?
• What is the Dark Web and how does it threaten my business?
• How do I browse and work safely?