Why are companies the main targets of phishing?

A phishing attack is a cybercrime strategy that seeks to deceive users in order to obtain some benefit. This attack is most common through fake emails, but can also be carried out through banners and ads on websites, social network messages, calls and SMS.

Targets of these attacks can be ordinary users, whose login credentials for accounts, banks, cards and portals are sought, and even companies, in order to perform financial transactions.

With the help of social engineering, criminals use tricks and disguise themselves as companies, brands and people the victim knows or interacts with.

In most cases, the main objective of this attack is to get the victim to provide confidential data such as personal documents, bank information, passwords, confidential files, among others.

Another strategy used within phishing is malicious links, which when accessed redirect the victim to a fake site or install files with viruses and malware.

How this scam can reach your business

Phishing attacks usually have no specific target and may cause various kinds of damage to a company. This is a type of attack that can be present in various locations and reach any type of user. Here are some ways:

Common phishing

This tactic is broader and has no specific target. In this phishing attack a mass email is sent, which may be disguised as coming from a company, group or service that may be known to the victim. As it is a broader scam, the criminal relies on chance and luck to collect user information, or to install malicious files that may favor other types of attacks.

Spear phishing

This type of attack is directed at a specific group of victims. In this case, it can be carried out against employees of a company, customers of a brand, a government agency, among others. The purpose of this type of phishing is to access confidential data such as confidential files, user and customer information or financial reports.

Clone phishing

With this attack, cybercriminals make an identical copy of a legitimate site to attract their victims. They can create copies of the websites of large companies, e-commerce stores, government pages, banks, or any institution with a large number of users. As a result, the user is confused, accesses this page and enters personal information, such as account numbers, passwords, access data, personal documents, among others.

Whaling

Derived from the word "whale", this type of attack is focused on reaching people with more relevance, purchasing power or visibility, or who hold high-level positions in companies. The attackers can seek to collect information from CEOs, directors, managers, etc. To arouse the interest of the victims, these attacks can bring false notifications about the company, such as judicial subpoenas.

Vishing

Like conventional phishing, this attack also seeks to collect confidential and personal data from the victims. However, it is made through a direct voice call to the victim's phone. With a convincing approach, this attack can fool the victim and obtain financial advantages through fraud.

Smishing

Using the SMS service, this type of phishing attack seeks to make the user access a malicious link, claiming that the user must open it to obtain a prize, check access information, view an extrajudicial notification or receive some amount of money.

Phishing through social media

Irresistible promotions, discounts and tagging campaigns in posts are all resources used for a phishing attack on social networks. Using false profiles of large companies, these criminals seek to request data and information from the victims, and even demand fraudulent payments.

Which companies can be phishing targets?

In general, there is no "ideal profile" of a company that can suffer a phishing attack. Virtually all companies that have any process or system connected to the internet can be targeted. For this reason, more and more users may be subject to all types of cyber attacks, and it is essential that the company has an internet usage policy that helps increase the security of its information and protect its devices in the best possible way.

Employees need to be very aware of how the internet is used in the company and know how to identify possible traps that may cause some loss to the business.

In addition, the company can also use access control tools that help keep this type of threat away from users and prevent improper access to sites such as entertainment sites, social networks and e-commerce, among others, which increase the chance of users falling for this type of scam.

Since phishing targets are not specific, it is very important for all businesses to find intelligent ways to protect their resources and information.

Is protection possible?

The main tip for protecting yourself from this type of scam is to pay close attention to content that is received unrequested, is anonymous, or presents a sequence of meaningless letters and numbers, spelling and grammatical errors, etc. These are the main warning signs that the content may be a trap.

In the case of emails received on behalf of friends or co-workers, it is also important to pay attention to warning signs, such as: whether the writing is compatible with the profile of the person sending it, whether it cites your name, whether it presents generic content, among other information.

It is very common for phishing emails to contain phrases such as "if this email is not answered within 48 hours, your account or access will be canceled." This type of email usually contains links to pages or forms where you are asked to enter your information.
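The warning signs listed above can be turned into a small triage check for a mail gateway or a reporting mailbox. This is an added example, not code from the original article; the regular expressions, the `recipient_name` parameter, the sign names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy

# Assumed patterns for the "answer within 48 hours or lose access" style of threat.
URGENCY = re.compile(
    r"within\s+\d+\s+(?:hours?|days?)|will be (?:cancel+ed|suspended|blocked)", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def looks_random(token):
    """Meaningless letter/digit mix: long token that keeps switching type."""
    if len(token) < 10 or token.isalpha() or token.isdigit():
        return False
    switches = sum(a.isdigit() != b.isdigit() for a, b in zip(token, token[1:]))
    return switches >= 3

def warning_signs(raw_email, recipient_name):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    urls = URL.findall(body)
    signs = []
    if URGENCY.search(body):
        signs.append("urgency_threat")
    if recipient_name.lower() not in body.lower():
        signs.append("not_addressed_by_name")  # generic content, no name cited
    sender_and_links = " ".join([str(msg.get("From", "")), *urls])
    if any(looks_random(t) for t in re.findall(r"[A-Za-z0-9]+", sender_and_links)):
        signs.append("random_sequence")
    if urls:
        signs.append("contains_link")  # link to a page or form
    return signs

# Constructed sample messages (not real traffic).
PHISH = """\
From: Support <acc-x7k2q9zt41b@mail.example>
To: maria@corp.example
Subject: Account notice

Dear customer,

If this email is not answered within 48 hours, your account or access will be canceled.
Confirm your data here: http://login.example/form
"""
BENIGN = """\
From: Joao <joao@corp.example>
To: maria@corp.example
Subject: Meeting notes

Hi Maria, the notes from today are attached. See you Thursday.
"""

if __name__ == "__main__":
    print(warning_signs(PHISH, "Maria"), warning_signs(BENIGN, "Maria"))
```

A single sign such as a link is common in legitimate mail, so treat the list as a score for prioritising review rather than a verdict. The spelling and grammar check mentioned above is not attempted here, since it needs a dictionary.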

As we said earlier, your business can count on an efficient internet access control tool that helps you avoid access to sites that may carry virtual traps.
