Four Things You Should Know about Phishing


Kristy McDaniel Baia

Phishing campaigns come in many different shapes and sizes. Some are obvious and indiscriminate, luring only the most gullible of victims (like that long-lost uncle who just needs your routing number to give you $100,000). Others are more polished and targeted, interested only in those with big bank accounts or those who hold the keys to confidential company documents. Below, we’ve answered some common questions about phishing, how to identify it, and how to prevent it.


What are the most common phishing schemes?

There is no “one” phishing scheme, but all phishers try to make themselves, their emails, or their malicious websites look as legitimate as possible. That long-lost uncle we talked about earlier? He doesn’t sound so legitimate, unless you have incredibly good luck, and even then you’d think your uncle would want to meet you first. Others are much more sophisticated, downloading company logos and using the company’s color scheme and images in their emails. The point is, they all want to convince the recipient that they are a person or entity who can be trusted with private information.

What are the different types of phishing?

Spear phishing: This type of phishing targets specific individuals, companies, and organizations to gather personal information. It is a fairly successful method, as it accounts for more than 90 percent of attacks. Spear phishing is still a very broad category, as every hacker is going to be after a different audience than the next hacker. However, just because these campaigns are broad does not mean that they are not convincing. We’ve seen phishing campaigns take users to websites that are complete with a link to report phishing attempts.

Clone phishing: This one is sneaky. Clone phishers replace legitimate, previously delivered email content with malicious content and attachments. They often get away with it by claiming that they are sending an updated version of the previous email. It’s not uncommon for hackers to get access to the previous legitimate email via malware that has already been downloaded.

Whaling: Just what it sounds like, whaling is when phishers are after the “big phish.” Common examples include a subpoena being delivered to a CFO for fraud, or a customer complaint to the director of customer service.

What should I be wary of?

Grammatical errors should always be cause for pause. While copywriters and editors may make the occasional typo in their emails (much to their humiliation when customers start emailing those typos back in), the companies that phishers try to imitate, like Amazon and MasterCard, can afford to hire good spellers.

Emails that are formatted differently than usual are also a warning sign. It’s one thing for a website or logo to get a facelift. It’s quite another for a company that would normally have purchase information in the body of the email to put it in a .zip attachment. And can you remember making that purchase to begin with?

Additionally, your credit card company knows your full account number, complete with the exact spelling of your name as it appears on the card, the security code, the billing address, and expiration date. That’s why, for authentication, they would never ask you for all of that information. Depending on the scope, they typically would ask for one or two pieces of identifiable information and a security question for verification. And when in doubt, you can always call the company in question and speak to a representative. He or she will be able to tell you if it’s a legitimate email or not.

Is there anything else I can do to prevent a phishing attempt?

Yes! While it’s great to familiarize yourself with the latest trends in IT security, the easiest way to prevent a phishing attempt on your network is to adopt a layered security approach. Although there is no “silver bullet” to prevent malware attempts, like phishing, a combination of email filtering and Web protection solutions can work together to block malware from gaining access to your network. Email spam and virus filtering is an excellent start to keep malware from being delivered by email, but what about when surfing the Web? Together, they keep your network safe, so you can focus on more important tasks.