Phishing is a major internet security concern affecting millions of people every year and causing billions of dollars in damage. Furthermore, phishing attempts have become 65 percent more common in just the last year.
Phishing attempts can occur regularly, and look as though they’re sent from legitimate companies. They’re often made to resemble banks, Apple, Amazon, and other large, well-known businesses, and sometimes the only thing that identifies them as a phishing attempt is a typo or a slightly altered logo.
Computers and antivirus software offer limited protection against phishing, as do online tools such as email checkers and the like, but that isn’t enough to keep you safe against current phishing techniques. This article will cover some of the most common phishing tactics in 2019 and how you can protect yourself and your employees.
Phishing via Messaging Applications
Phishing is most commonly associated with email, but it can be even more effective over platforms like Facebook Messenger and Slack. Users are generally less vigilant when checking the messages they receive, and these applications don’t filter content like most email clients.
There are a number of third-party apps that provide additional protection from phishing on messaging channels. You should also consider including information about this type of phishing when training employees.
Like phishing over messaging applications, most internet users are less likely to notice phishing attempts that impersonate software as a service providers like Google and Office 365. We don’t consider this information as private as things like banking data or card numbers, but it can do just as much damage in the wrong hands.
While you can hopefully avoid providing this sensitive information to scammers, you can protect yourself and your employees by enabling two-factor authentication on all accounts. Even if a password is compromised, your SaaS accounts will be safe as long as your phone and email accounts are secure.
Most traditional phishing attempts use a link or attachment to lead recipients to a malicious website or file, but new interactive attacks can catch users off guard and often seem much more believable than conventional phishing attempts.
Rather than including attachments or links at first, many of these attackers start with an innocuous message and only later ask recipients to click on anything. Information breaches over the last few years have given hackers access to information that allow them to effectively impersonate co-workers, bosses, or other trustworthy people in your life.
In response to the growth of interactive phishing attempts, some businesses ask their employees to send and respond to inquiries via multiple platforms. If an employee receives a question over email, for example, have them send the answer over text, Slack, or another channel that an attacker wouldn’t have access to.
Phishing attacks are more varied and sophisticated than ever before, and businesses need to be doing everything possible to protect their information. Simply being aware of these common phishing tactics will help you develop more effective training processes and keep you and your employees safe.
About the Author: