Phishing attacks have existed since the dawn of the internet. A phishing attack happens when cybercriminals send someone an email that looks like it came from a trusted source and use social engineering techniques to persuade them to click on a link, download a document or share sensitive information.
According to MCMC, most of the phishing attacks in Malaysia targeted internet banking users and tricked them into revealing their credentials such as personal information, credit card number, account number, or login name and password. Although phishing has been around for nearly three decades, the pandemic has seen 65% of Malaysians report a surge in phishing emails aimed at employees, proving it to be an efficient cyberattack strategy.
Phishing has the potential to bring severe harm and financial loss to those who fall prey to it. Therefore, everyone should be aware of phishing in order to protect themselves and keep their work email secure.
Phishing begins with a falsified email or other forms of communication intended to entice a victim to divulge personal information. In order to appear trustworthy, the communication must appear to have come from a reputable source. If the victim is duped, they will be coerced into providing personal information, which is frequently done through a bogus website. In addition, malware is occasionally downloaded onto the computer of the target.
Identifying a group of people who they wish to target is the first step for cybercriminals. Then they send email and SMS messages that appear legitimate but contain dangerous links, attachments, or lures that trick their intended recipients into performing an unknown and potentially dangerous act on their behalf.
Deception phishing, or email phishing, is one of the most common types of attacks. Using social engineering techniques, malicious actors impersonate a legitimate company and encourage users to click on a link or download a document. Character substitution is also common in email phishing, such as replacing the letter “m” with the letters “rn.”
Usually, the links lead to websites that either steal a user’s credentials or install harmful code known as malware. When the victim opens the document, usually a PDF, the malicious code will be automatically installed, infecting their computer with spyware and adware. As a general guideline, double-check the sender address of any email that asks you to click on a link or download an attachment.
On the flip side, spear phishing targets a small group of people. Fraudsters use this tactic to trick the recipient into believing that they have a personal connection with the sender by tailoring their attack emails with the target’s name, position, company, work phone number, and other information. This allows attackers to tailor their messages and appear more authentic. This type of phishing attack is frequently used as the first step in an organised attack against a specific company.
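The sender-address check and the “rn”-for-“m” substitution described above can be automated. The following Python sketch is an added example, not part of the original article; the trusted-domain list, the substitution table and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr
from typing import Optional, Tuple

# Constructed allow-list of sender domains the organisation trusts (assumption).
TRUSTED_DOMAINS = {"mybank.example", "modern-payroll.example"}

# Illustrative subset of visually confusable substitutions, not a full table.
LOOKALIKES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(domain: str) -> str:
    """Collapse confusable character sequences to one canonical form."""
    s = domain.lower().rstrip(".")
    for fake, real in LOOKALIKES:
        s = s.replace(fake, real)
    return s


def sender_domain(from_header: str) -> str:
    """Extract the domain from a From: header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def classify_sender(from_header: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, impersonated_domain); verdict is
    'trusted', 'lookalike' or 'unknown'."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unknown", None)
    if domain in TRUSTED_DOMAINS:
        return ("trusted", None)
    # Compare skeletons on both sides so a trusted name that itself
    # contains "rn" (such as "modern") is still matched correctly.
    for trusted in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(trusted):
            return ("lookalike", trusted)
    return ("unknown", None)


# Constructed sample headers.
SAMPLES = [
    "MyBank Alerts <alerts@mybank.example>",
    "MyBank Alerts <alerts@rnybank.example>",
    "Payroll <hr@modem-payroll.example>",
    "Newsletter <news@unrelated.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

A “lookalike” verdict means the domain is not on the allow-list but becomes indistinguishable from a trusted one once the confusable characters are collapsed, which is the case a quick visual check of the address is most likely to miss.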
Whaling occurs when an assailant targets a “big fish,” like a CEO. Attackers commonly spend considerable time profiling their targets in order to find an ideal opportunity and method for stealing login information. Whaling is especially concerning because high-level executives have access to a wealth of critical firm information.
Whaling attacks are even more targeted as they specifically aim to take out high-ranking officials in corporations and government agencies. As with any phishing attack method, whaling has the same end goal but is carried out in a stealthier fashion.
Smishing and Vishing
Smishing and vishing are phishing scams perpetrated by using a phone. In both smishing and vishing, phone calls and text messages have replaced email as the primary means of communication. However, smishing involves criminals sending text messages (the content of which is similar to email phishing), whereas vishing consists of a telephone conversation.
In vishing, the attacker usually poses as a customer service representative or an employee of your company in order to gain access to information. New hires are the most common victims of these scams, but they can affect anyone.
Cybercriminals often employ the same tactics regardless of the technology they are targeting. Smishing is the practice of sending text messages that ask someone to do something. People are tricked into providing their personal information by a malicious text message that contains a link to a malicious website.
A company’s or an individual’s personal and professional life can be negatively impacted by phishing. Examples of personal phishing threats and threats at work are:
Nobody wants to fall prey to a phishing scam. However, there are a few things you can do to reduce your chances of succumbing to it. For starters, you should educate yourself on what phishing attacks look like and stay up to date about new phishing techniques.
Always think before you click on a link or download a document. The essence of phishing is tricking people into clicking a link or providing sensitive information through social engineering. So, make sure to check the source and see if it is legitimate and NEVER give out personal information to illegitimate sites.
On the IT side, you can install an Anti-Phishing add-on, install a firewall, and have a Data Security Platform to spot signs of an attack. But, remember, there is no single fool-proof way to avoid phishing attacks!