Phishing attacks are becoming more and more popular. This means cyber security has never been more important . To quickly recap, phishing is the use of a fake domain, designed to mimic a real organisation. The criminal sends thousands of generic emails requesting money, personal information, account access, etc. They’re typically quite easy to spot, especially with adequate training. But many other types of phishing are a little harder to avoid and with our modern, remote workplace growing by the day, a modern workforce needs to be up to speed on these threats.
Essentially phishing 2.0, this is less generic and typically incorporates details such as the victim’s name, job role, specific information about the role, and place of work in order to build trust. Awareness training and taking care not to post personal or corporate information on social media can help. Minimising the use of email and communicating entirely via a tool like Microsoft Teams is also wise.
Potentially one of the most lucrative types of phishing. It's like spear phishing but more targeted and aims to steal senior executives’ login details. Then a criminal can make unauthorised wire transfers to their chosen account. Along with training, consider adding multi-factor authentication into all financial authorisation processes. This means an attacker will need more than just an email to authorise payments.
These types of phishing attacks are carried out via social media. Either via instant message or social post, a criminal will encourage a social media user to download malware or give up sensitive information. Often, information users give up on social media can help make these attacks more targeted. A strong WFH policy on appropriate social media use can be the best answer to angler phishing, along with cyber awareness training.
An attacker looking for new types of phishing might ditch the computer entirely and call their victims. Impersonating technical support claiming an account breach and disguising a phone number to look like it’s from a favoured area code are typical techniques. To minimise the chances of your employees giving up valuable details, a cloud telephone system can show any suspicious caller IDs.
The sibling to vishing, these types of phishing attacks focus on a target’s phone to send them text messages with malicious links. These links are typically designed to trigger malicious app downloads, present the user with data stealing forms, or get the user to contact a fake tech support – whereby the scammer will ask for personal details. As with vishing, to defend against these types of phishing attacks, companies can tell employees to avoid and/or research unknown phone numbers.
These types of phishing attacks are threatening our modern workplace now more than ever. However, by following a number of security best practices and learning how to work optimally in the modern workplace, these types of phishing attacks can be avoided.
Download our Modern Workplace eBook and start preparing your team for any security threat it may face.
If you’d like to work with an award winning team, contact one of our experts today.