Updated: Mar 26
Emails have been at the core of businesses, with this, criminal networks and fraudsters have taken advantage of the mass use of this communication tool to launch various attacks against ill-equipped unsuspecting users.
A good percentage of the attacks in organizations, whether big or small, have traced their attack vector to emails. These include spoofing corporate email domains, phishing and business email compromise (BEC) scams which have seen companies lose a lot of money in business revenues each year.
Given that we have increased our time online, it is not a surprise to see most of our lifestyle also being digitized. The new change comes with a lot of conveniences as well as some other inconveniences. This is because we have in a way opened our once private and secure environment to some dangerous forms of digital attacks among others phishing. This attack that has been a real pain in whenever the conversation about email security pops up.
What is phishing?
Phishing is an email attack method that is employed with the intent to compromise a system by capitalizing on the weakest element in that system who in most cases happens to be the user.
This method starts with what is referred to as social engineering where the attack masters a few details about the target and relies on cheap attack resources. This explains why this method has become more effective for getting access to corporations and use the users defines privileges to launch an attack and most preferred method to other traditional hacking tools.
How phishing is achieved
a) Phishing happens when one is duped or forced to run a file that has been attached with a malware.
b) When one falls into a trap that asks him to enter their security details. These details in most cases are filled in an online form or a web page that looks genuine or looks like a legitimate entity. When the security details have been harvested, the attacker can now use them to compromise particular system or in some cases, they exchange the details for a monetary gain to any interested third party.
d) Phishing emails can redirect user to genuine site which has been embedded with malicious scripts that harvest user’s security details without the knowledge of the user.
11 Types of Phishing attacks you should check out for in 2021.
1. Email Phishing
These are the most commonly used. They impersonate a genuine institution. They normally do not target a specific individual or organization. To achieve this, the attackers send out generic emails destined to be sent to many emails as which they have harvested in the hope that the common user who happens to be naïve will click on the fake link that has been embedded with the email and initiate the download of malicious file.
2. Spear Phishing
This on the other hand, just like email phishing are scams cast to huge numbers of emails, but to specific and well-known targets. From the outlook, they look to be originating from legitimate senders. With this type of attack, attackers are able to infect users with viruses or coarse targets to give away their sensitive data or money.
Spear phishing is very dangerous as the attacker will target an individual and employ sophisticated phishing campaigns with the aim to infiltrate a target institution or system.
This is a version of spear phishing but the attacker targets a specific high profile user like CFO or CEO. The aim of this method goes beyond the normal high-value monetary transfer to acquisition of company secrets since the person of interest is a well highly valued senior employee.
This is a deceptive class of email that lures an unsuspecting user with the help of using highly decorated offers. They majorly take advantage of anxiety, fear, greed, and temptation to achieve their aim. Users eventually find themselves sharing their sensitive information like account details.
5. Watering Hole Attacks
This is a type of phishing technique on which the attackers identify and troll a particular institution’s most visited websites with the aim to infiltrate their site with malicious codes. Then, they wait to see how their victims will be tempted to fall into their trap laid in these hidden codes.
It is also referred to as piggybacking. This is executed first by staging a social engineering attack which happens physically as opposed to virtually. Example of this could be attacker getting access to a restricted area where sensitive information is stored with the intent to steal the confidential information.
7. SMS phishing
This is also referred to as Smishing attack. It happens when the attacker sends a text message that has a fake link that will redirect the user to opening a phishing site. The intention ranges from getting access to security credentials for financial websites to stealing some other confidential documents.
8. Business Email Compromise (BEC)
This is an email security threat that happens when attackers focus on targeting institutions that carry out wire transfers transactions and have representations who collaborate with them to supply from abroad. Their targets is mostly the executive’s accounts who are known to carry out online-financial transaction on behalf of the company. They people targeted get are sent spoofed emails or malware like key-loggers and once the attackers get hold of their details, they carry out transfers of money from their target’s accounts.
9. CEO Fraud
This happens when the attackers target an institution’s by impersonating the CEO. .The main aim of this attack is to solicit for money or coarse the target to surrendering some confidential data. It is also one of the many types of spear-phishing attacks.
10. Clone Phishing
This mostly happens when target a particular organization by sending copies of a real email communication. The attackers achieve this by cloning a genuine email communication that was received from an existing trusted source. To achieve their goals, they replace the genuine links with their fake links, and sometimes they embed extra links into the body of the message that will redirect the target to their traps for harvesting their information.
11. Website Spoofing
In this attack, the attackers create a fake website that have codes or scripts that steal or sends security details and other information to their servers. To achieve their target, this technique uses a spoofed website that looks the exactly as the one the target uses. It looks real and legitimate. With this, it is easy to convince the user to input his information which is then harvested.
At Ariel Technology Limited, we have partnered with some of the leading vendors offering a variety of Cyber security solutions. One of these solutions, Kaspersky Security for Mail Server which comes with useful features that help protect from all these mail related attacks we have talked about.
The features include:-
• Integrated protection of mail servers from all types of malicious programs
• Efficient protection against spam
• Real-time antivirus protection
• On-schedule scanning of emails and databases
• Protection for Sendmail, qmail, Postfix, Exim and CommuniGate Pro mail servers
• Scanning of messages, databases and other objects on Lotus® Domino® servers
• Scanning of all messages on the Microsoft® Exchange server, including public folders
• Filtration of messages by attachment type.
• Isolation of infected objects.
Please contact us today for any inquiry about the products and services we offer.