Phishing Tactics That Work

March 19, 2020


Posted by Mark Benton

Cybercriminals have small businesses in their crosshairs. Verizon's Data Breach Investigations Report states that phishing is the number one cause of data breaches and that 43% of cyberattacks target small to medium-sized businesses (SMBs). The frequency of attacks is on the rise, and cybercriminals see today's COVID-19 environment as an opportunity to attack.

The reality is, cybercriminals target any organization with sensitive data. Spammers and cybercriminals have learned that the more precisely they craft their emails, the more likely you are to click. Once this happens, they will download their malware onto your system and hold it for ransom.

What's the difference between spam, phishing, and spear-phishing emails?

  • Spam: These are unsolicited emails, typically trying to sell you something that may or may not be legitimate, and they may contain malware or links to malware. Mostly they are an annoyance.
  • Phishing: These emails are sent to a wide range of recipients ("Click Here to Get Free Pizza") and are specifically crafted to get you to click, to capture your login credentials, or to deliver a malware payload.
  • Spear-phishing: These emails have the same criminal objective as phishing emails, but they are specifically designed to get your attention. The email may look as if it came from someone you know or an organization you do business with. It might contain information that you believe only you and your friends would know about, like the vacation you took to Aruba where you uploaded your photos to Facebook. The criminal’s goal is to have you drop your guard and respond.

One more important term that you may not be aware of is the Time Bomb, which is used in conjunction with phishing or spear-phishing attacks. Cybercriminals know that most organizations use spam filters, which attempt to verify the reputation of inbound emails and any links contained within them. To avoid being blocked or caught by those filters, the emails contain URLs that are clean at the time of delivery. Some time after the email makes it to your Inbox, the attackers activate the malware behind what was initially a clean URL. Now when you click on the link, you become infected.

What should your organization do about spam, phishing, and spear-phishing emails?

  1. Ensure all members of the organization get annual security awareness training. This training will help them understand what phishing emails are and how to protect themselves and your organization from them.
  2. Investigate whether your spam filter has multiple methods for scanning and verifying the reputation of inbound emails.
  3. Consider implementing an additional layer of security to rescan external email links when a user clicks on one.
  4. Ensure your files are backed up securely and, importantly, that your backup process is working. No business wants to hear their backups are over a month old.
  5. Have your Business Continuity Plan reviewed annually and tested. A well-developed BCP will help reduce the chaos during any business crisis.
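
The click-time rescan from step 3 is the control that answers the Time Bomb delay described earlier. The sketch below is an added example, not code from Systems Engineering or any product; the gateway host, signing key, sample message and blocklist contents are constructed assumptions.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlsplit

# Constructed assumptions for this example: gateway host, signing key, sample data.
GATEWAY = "https://links.gateway.example/click"
KEY = b"constructed-demo-key"
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _sign(url: str) -> str:
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()


def rewrite_links(body: str) -> str:
    """Delivery time: wrap each external URL so every click passes the gateway."""
    def wrap(match):
        url = match.group(0)
        return f"{GATEWAY}?u={quote(url, safe='')}&s={_sign(url)}"
    return URL_RE.sub(wrap, body)


def resolve_click(wrapped: str, bad_hosts: set) -> tuple:
    """Click time: verify the link is ours, then check reputation as it is now."""
    params = parse_qs(urlsplit(wrapped).query)
    url = params.get("u", [""])[0]
    sig = params.get("s", [""])[0]
    if not hmac.compare_digest(sig.encode(), _sign(url).encode()):
        return ("block", "link was not issued by this gateway")
    host = (urlsplit(url).hostname or "").lower()
    if host in bad_hosts:
        return ("block", f"{host} is on the current blocklist")
    return ("allow", url)


def demo():
    # Constructed message; .example is a reserved TLD.
    body = "Your invoice is ready: https://files.vendor-portal.example/inv/4471 Thanks!"
    delivered = rewrite_links(body)
    link = URL_RE.search(delivered).group(0)
    at_delivery = resolve_click(link, set())  # feed as it stood at delivery
    at_click = resolve_click(link, {"files.vendor-portal.example"})  # feed updated later
    return delivered, at_delivery, at_click


if __name__ == "__main__":
    for item in demo():
        print(item)
```

In a real deployment the blocklist lookup would be a live reputation query made on every click, which is why a URL that was clean at delivery can still be stopped later.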

Cybercrime is lucrative, and spam and phishing emails are among cybercriminals' favorite tactics. It can be tempting, but be wary of offers to view clever graphics about the novel coronavirus outbreak. During this time, ask your staff to remain vigilant when reviewing emails on their devices. In addition, implement the tools that will help protect them against known phishing attacks.

For more information, get in touch with your Account Manager or connect with Systems Engineering at 888.624.6737 or info@systemsengineering.com.

Stay current on the news and events to keep your remote workforce productive and secure by visiting our COVID-19 Resource Portal.