What is Phishing?
Phishing is a type of social engineering in which an attacker sends a fraudulent message designed to trick a person into revealing sensitive information or into deploying malicious software, like ransomware, on the victim’s infrastructure.
The 5 most common types of phishing attacks include:
Email Phishing (most common)
The attackers will register a fake domain that mimics a genuine organization and send thousands of generic requests.
Spear Phishing
The attackers will send a malicious email to a specific person. With this type of attack, the criminal already has pertinent information about the recipient (name, place of employment, job title, email address).
Whaling
The attackers will send fake links and malicious URLs that appear to come from upper management to employees, requesting payment or the purchase of gift cards.
Smishing & Vishing
The attackers will either send text messages (Smishing) or call (Vishing) the target. These messages are meant to scare the target with a bank notice, fraud, etc.
Angler
The attackers will use the information from a social media account to persuade people into divulging sensitive information or downloading malware.
Security Awareness Training
Your employees are the last line of defense! Organizations can mitigate the risk of phishing with the help of security awareness training. CSCI can tailor a program that trains your employees with best practices, implements simulated phishing attacks, and reports the results.