John Teehan


5 Ways Targeted Phishing Scams Try To Hook You

Here’s how to recognize different types of attacks.

Photo by stephen momot on Unsplash

Phishing incidents are on the rise. As one of the most common forms of cyber threat on the Internet today, phishing poses a risk to individuals and businesses of all sizes that is not easily or wisely ignored.

Like its homonym, “fishing,” phishing casts a wide net by going after multiple email accounts with fraudulent or misleading language designed to trick recipients into revealing sensitive data or into clicking a link or downloading an attachment that installs spyware, ransomware, or other malware.

In its most common form, phishing will try to take the form of legitimate business communication the user might expect from a trusted entity such as a bank, credit card company, PayPal, or Amazon. Sophisticated phishing attacks will even use the same logos and color scheme of the entity they’re impersonating.

“Targeted phishing,” as the name implies, goes after more specific targets in its attempt to infiltrate business networks or otherwise hook a high-value individual.

Here’s how to recognize a targeted phishing attempt when it happens.

Spear Phishing

Spear-phishing involves using malicious emails sent to a specific person within an organization in hopes of either gaining direct access to a system or tricking them into clicking on a harmful link or installing malware.

The individual is often someone who already has regular contact with people outside of the business, such as a customer service representative, purchasing department member, or receptionist. Cybercriminals who apply spear-phishing techniques will perform some background research beforehand, so they are familiar with the target’s full name, job title, contact info, and range of duties. They may even take the extra step of learning the names of that person’s co-workers or immediate supervisors.

Photo by Richard Sagredo on Unsplash

Whaling

Whaling is very similar to spear-phishing as far as the attack approach goes. The main difference is that instead of aiming for someone relatively low in the company hierarchy, attackers go after the “big fishes” such as managers, CFOs, COOs, and other executives who have the authority to make strategic decisions for their organizations. The aim behind these cons tends to be access to financial or logistical controls, or permissions to gain entry into computer networks at an admin level.

Usually, more research and preparation goes into a whaling attack. Basic knowledge of the target is rarely enough. Attackers will, in addition, attempt to adopt the persona of another executive within a large company, or of an executive at a service provider the company has a contract with, such as a managed IT support provider or financial institution.
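A mail-filter style check for the executive impersonation described above, added here as an illustration and not taken from the original article. The executive directory, names, domains and the edit-distance threshold of 2 are all constructed assumptions.

```python
from email.utils import parseaddr

# Assumed directory of executives and their genuine addresses (constructed).
EXECUTIVES = {
    "dana whitfield": "dana.whitfield@example.com",
    "omar reyes": "omar.reyes@example.com",
}
ORG_DOMAIN = "example.com"   # assumed organization domain
LOOKALIKE_MAX_DISTANCE = 2   # assumed threshold for "near-miss" domains


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot domains one or two typos away."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Return 'ok', 'lookalike-domain' or 'display-name-spoof' for a From header."""
    name, addr = parseaddr(from_header)
    name = " ".join(name.lower().split())   # normalize case and spacing
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    # A domain that is almost, but not exactly, the organization's own.
    if domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= LOOKALIKE_MAX_DISTANCE:
        return "lookalike-domain"
    # An executive's name on an address that is not the executive's.
    real = EXECUTIVES.get(name)
    if real is not None and addr != real:
        return "display-name-spoof"
    return "ok"


# Constructed sample From headers, not real traffic.
SAMPLE_HEADERS = [
    "Dana Whitfield <dana.whitfield@example.com>",
    '"DANA  WHITFIELD" <ceo.office@freemail.test>',
    "Omar Reyes <omar.reyes@examp1e.com>",
    "Helpdesk <support@vendor.test>",
]


def triage(headers):
    """Map each From header to its classification."""
    return {h: classify_sender(h) for h in headers}
```

A message sent from an executive's genuinely compromised mailbox passes this check, so unusual requests still need verification through a separate channel.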

Vishing

This term is short for “voice phishing,” in which criminals attempt to exploit a victim over the phone.

In a vishing attack, a scammer will often try to impersonate a senior employee from within the company or a trusted associate business like a bank or IT service provider and attempt to get the victim to reveal sensitive information. They may ask for account information and login details, or they may refer to a phishing email sent earlier in hopes they can convince the target to treat the email as legitimate and, thus, install whatever malware may have been hiding there.

On occasion, a visher may impersonate a new employee in an attempt to gain credentials into a secured system.

Photo by Sara Kurfeß on Unsplash

Smishing

Along similar lines to vishing, attackers who use smishing rely on SMS text messages as the avenue for their scam. They may include a link in the text message that would install malware or spyware on a mobile device such as a phone or tablet. From there, they could make their way into a company’s network to wreak all manner of havoc.

Smishing will often convince a victim to respond by sending an alarming message such as “Your account has been suspended” or “Suspicious activity has been noted on your account. Click here to confirm your login and password.”

If the message is pretending to come from a bank, credit card, or other personal services, a victim might react quickly out of panic before stopping to consider if the message is legitimate or not.

Business email compromise (BEC)

A business email compromise (BEC) scam is a particular type of attack that goes after key executives in a business’s finance departments. Usually using an email format, a BEC succeeds by impersonating a CFO or CEO, who then issues directives designed to open the business — particularly its finances — to exploitation.

A BEC usually requires that the attackers first compromise a senior executive or financial officer’s email account. The BEC attack is often accomplished thanks to a previous spear-phishing attack, which then took advantage of a network vulnerability.

Photo by Sigmund on Unsplash

Building a strong defense

The sad fact is, phishing attacks are becoming more common and sophisticated. To stay ahead of the threat, everyone needs to practice robust security measures. That means making sure employees at all levels of a business follow the same security protocols:

  • Strong password generation
  • Not sharing passwords
  • Not providing sensitive information unless it’s verified safe
  • Knowing how your organization is structured and who has access to sensitive material and who does not
  • Regular virus and malware scans
  • Updated firewall protection and threat detection software
  • Secure backups of essential data
  • Regular cybersecurity training for everyone

Following the above is no guarantee that these attacks will never succeed, but it will make successful attacks more difficult.

And you may be one of the lucky ones never to suffer a successful attack at all.
