Ensure employees at every level of your organization (including the C-suite) are aware of these common phishing attacks.

While many employees are familiar with the term “phishing,” this doesn’t discount the fact that this form of cyberattack is still one of the more effective means of obtaining confidential information and in turn, gaining access into a company’s innermost workings. According to a stat from a Verizon data breach report, a whopping 30 percent of phishing messages are opened, and 12 percent of those are clicked on, opening the user’s computer up to all types of viruses and malware, which can then be propagated across an entire corporate network.


fish on hook

Top 5 phishing scams to look out for

With phishing attacks still being very alive and well, we thought it would be beneficial to highlight some of the more common attacks so that you and your team can begin to spot them before they cause any damage to your organization’s confidential data and networking infrastructure.

1.  Deceptive Phishing

Deceptive phishing is the most common form of phishing attack. It refers to a scenario where hackers attempt to impersonate a legitimate company to steal personal data or login credentials. Fraudsters do this by sending an email that looks authentic that then prompts the recipient to click on a link that takes the user to what looks like a legitimate website, but, is a front for a criminal enterprise.

To guard against these attacks, users should always monitor the contents of their email carefully as well as the URLs of any sites that they go to in a browser. Beware of URLs that look like legitimate websites but are slightly different. Also look for spelling and grammatical errors; these can be a warning sign that the email you received is a fake.

2.  Spear Phishing

Spear phishing is like deceptive phishing except for these emails appear personalized, often featuring the target’s name, email address, and occasionally other information such as their company and job title.

The goal of these attacks is the same as deceptive phishing. They try to lure a person to click on a malicious link, but spear phishing attacks can be harder to spot.

Companies should conduct regular security training that covers the common types of phishing scams and how to avoid posting sensitive information on social media, which can then be used in these attacks.

3.  E-cards

Many phishing scams try to play on human emotion, and the e-card is no different. A video from PhishMe indicated that response rates passed almost 25 percent for e-cards and close to 50 percent for Valentine e-cards in particular. This shows the strong pull of emotional responses, which can really cloud our better judgment when it comes to phishing scams.

4.  Whaling attacks

Spear phishing attempts that target high-level executives are often referred to as ‘whaling’ attacks. These attacks attempt to steal login credentials from high-level executives that can then be used for all sorts of nefarious acts. Attackers, for example, may attempt to impersonate an executive and initiate wire transfers.

These attacks can often be effective because high-level executives often don’t participate in security awareness training, leaving them extremely vulnerable. Be sure that all your employees – from the C-suite down to the front lines – participate in regular cybersecurity training to reduce the chances that these types of attacks could have disastrous consequences for your business.

5.  Dropbox Phishing

This type of phishing attempts to gain access to a user’s Dropbox login credentials by sending an email that when a link is clicked sends the user to a fake Dropbox login page. Once these credentials are entered, the hacker instantly has access to any sensitive information that’s being stored in the cloud.

It’s important to encourage all users to utilize two-factor authentication on their Dropbox and other cloud-based accounts to prevent these types of attacks. While this attack references Dropbox in particular, it could also affect other popular cloud storage services.

Worried that your organization doesn’t have adequate security training in place?

After reading about these common phishing attacks, are you concerned that your organization may not be adequately prepared against these ingenious scams? If so, feel free to reach out to MessageOps to learn more about our cybersecurity training offerings. Find out about IRON SCALE, our email phishing prevention service that can help to ensure your organization is constantly making strides to spot and react to the ever-changing cyber threats that companies of all sizes are confronted with daily.

Was this article helpful?