Phishing emails are a constant threat to businesses and individuals alike. Hackers use a range of sophisticated phishing techniques to steal data. So it’s important to know exactly what you’re dealing with to ensure you don’t fall hook, line and sinker for a scam. Intellesec highlights some of the most common types of phishing attacks used to bait victims. It should come as no surprise that cybercriminals are highly opportunistic and prey on human weaknesses to achieve their nefarious goals. To give you an example, Google intercepted 18 million phishing and malware emails relating to Covid-19 every day in a single week of the crisis. The combination of more employees working from home and lackadaisical attitudes towards security create the perfect conditions for phishing.
Types of phishing threats
Let’s take a closer look at some of the biggest phishing email threats to be aware of at the moment.
Spear phishing
Spear phishing is a sophisticated form of phishing. Scammers will go to great lengths to personalise their emails using readily available public information (often sourced from social media) to persuade their targets to let their guard down. The aim is to either relieve a recipient of sensitive data like passwords or to trick them into installing malware by accessing a malicious URL or email attachment.
CEO phishing
CEO phishing, also known as CEO fraud or a whaling attack, is when attackers use the compromised email account of a CEO or other high-ranking executive for their criminal activities. This might include authorising fraudulent wire transfers or sourcing sensitive financial details to sell on the dark web. This technique is successful because executives are less likely to participate in security awareness training.
Business Email Compromise (BEC)
CEO phishing falls under the wider banner of Business Email Compromise (BEC). An attacker impersonates someone from an organisation to defraud the company, its employees, its customers or its partners. They may use a spear phishing attack combined with malware to infiltrate and observe organisational habits. Then at an opportune time they’ll send a bogus email to the finance department to issue a fraudulent wire transfer.
Vendor Email Compromise (VEC)
Vendor Email Compromise (VEC) targets an organisation’s supply chain. A genuine business email address is hijacked and monitored, with the fraudsters setting up forwarding rules to collect intelligence. They can then target vendors in the supply chain with perfect timing, instructing them to pay bogus invoices and change payment details. These attacks often evade detection because they use legitimate email addresses.
Why spam filters aren’t enough
Nearly a third of all data breaches (32%) involve phishing, according to Verizon’s Data Breach Investigations Report (DBIR). Why? People. Human error is the Achilles heel of enterprise security and the holy grail of hackers. When you consider that 37.9% of untrained users fail phishing tests, you can see the extent of the problem facing businesses. At Intellesec, we take a two-pronged attack (or should that be hook?) to phishing security.
Cloud-native email security platform
We can provide enterprise grade software that protects against inbound threats and outbound data leaks. Our sophisticated cloud-native email security platform analyses users, their intent, and how they communicate to detect attacks that other products miss. This new generation of context-aware, adaptive security tools enables you to detect and remediate threats quickly and with total confidence.
Anti-phishing simulation and cyber security training
Our state-of-the-art anti-phishing simulation and cyber security training delivers customised programmes to empower employees to make smarter security decisions. Conduct safe and controlled testing over email, phone and text using dozens of real-world phishing templates in 34 core languages. Our security analysts pinpoint your biggest vulnerabilities and provide tailored security awareness training to upskill employees.
Contact Intellesec today
Intellesec protects businesses in the professional industries from cyber attacks, data breaches and phishing threats. We combine the most technically advanced cyber security technology on the market with more than 20 years of industry experience and expertise to keep your business safe from all types of threats, including all types of phishing scams. For more information, contact Intellesec today on 0116 3266123 or email hello@intellesec.co.uk.
