The primary goal of a phishing attack is to steal personal information. Hackers install malware and/or a backdoor on your device, often for the purpose of ransoming data. What makes phishing cyberattacks particularly tricky is that they try to mask themselves as legitimate emails from legitimate sources.
For example, you might see an email that looks like it comes from Microsoft. The only way to tell that something is off is a name with incorrect spelling and grammar. Or maybe, the email looks legitimate but has an email address that is spoofed by one letter or number. Many of these cyberattacks come from overseas and the cyber-criminals don’t have full command of the English language. Phishing is troublesome because phishers just trick you into giving your details away.
Phishers may use real company logos and business emails to make their messages look safe and legitimate. They will do their research and find out who you would click an email from.
Don’t click on any links or attachments in suspicious emails. To check, open up a separate browser and manually type it into the search bar. Pop-ups are notorious for housing viruses and scams. They may display a message about your computer being infected with malware. They offer you a link or phone number for help, mimicking trusted sources. To counter these threats, make sure you read the pop-up message closely.
A phishing test is when your IT team or your managed service provider (MSP) creates fake phishing emails and web pages which are then sent to employees. This test reveals how many of your employees are still susceptible to an attack. We at Commprise can help to educate the affected employees to avoid this mistake in the future.
2. Brute Force
A brute force attack is when a cybercriminal attempts to breach password security by trying to log in over and over again. This is done using a program to auto-generate likely passwords, then repeatedly, sometimes thousands of times per minute, try alternates until something works.
- Sequential Attack — This is when the attacker goes through various character/number combinations.
- Dictionary Attack — When the intruder tries to break through password security using a “dictionary list” of common words relevant to your organization.
- Rainbow Tables Attack — While dictionary attacks are optimized for words, rainbow table attacks are optimized for commonly used passwords. In general, brute force attacks are far less effective than they used to be. Now, most systems limit the number of password attempts allowed in a given session.
3. Traffic Interception
4. Social Engineering
This is where the intruder tries to schmooze information from you or your employees. These attempts can be made in emails, over the phone, and even in person.
5. Man in the Middle (MITM)
A man in the middle (MITM ) occurs when the attacker puts themselves in between the communication of a client and their server.
When the laptop sends a request to connect, it might actually be a spoofed one created using a WiFi pineapple. The "man" could be a malware proxy that was installed on your computer.
This method of attack is when a keylogging software saves a log of all the physical keystrokes that you type. This is then sent back to the attacker and examined.
Strengthen Your Front Line of Defence
Our IT Security and Compliance Audit services take some weight off your shoulders, allowing you to dedicate less time worrying about threats.