Learning how to spot phishing is the best way to fight an impending attack and protect your organization from one of the top cyber threats in the world. However, hackers and cyber scammers have become proficient in masking their intentions – and their trails – behind seemingly legitimate email messages and website properties. This article will help you uncover what to look for and how to respond once you have identified a scam.
Here is what you need to know to discover how to spot and fight a phishing attack:
Defining Phishing and Identifying Phishers
The name “phishing” itself is a broad term used to describe a collection of social engineering infiltration techniques designed to meet an even broader range of end goals. To better understand it, one needs to understand what defines social engineering in a cybersecurity context – an attack that relies on gaining the victim’s trust and dissuades them from suspecting malicious intent.
The cybercriminals that employ phishing attacks (sometimes colloquially called “phishers”) similarly come from all types of backgrounds and use the technique to act on any number of goals. This includes amateur hackers as well as sophisticated syndicates that work side-by-side with (or for) government espionage agencies. The bar for entry is often low since dark web marketplaces sell toolkits and templates that anyone can purchase, recycling solutions and strategies that have already proven effective in the field.
What is Business Email Compromise?
A business email compromise (BEC) is an attack that, as the name implies, uses a spoofed email containing ostensibly legitimate details (of varying plausibility) designed to trick the victim into responding with sensitive information or clicking a link leading to malware. These emails are often identifiable via glaring typos or other mistakes, although many scammers have applied increasing sophistication to their messages.
What is a Phishing Domain?
A phishing domain is a website or individual webpage that, much like an email spoof, mimics a legitimate web property in order to get a victim to download malware or enter their information without realizing it. Several cybercriminal developers have built convincing replicas of web portals such as a Microsoft 365 or Office 365 login page that will collect credentials and use them to breach shared OneDrive data storage.
What Phishers are Looking for
Phishing is used as a vehicle to achieve all manner of compromise, though what a hacker is seeking can affect the severity of the threat they pose, as well as how fast that severity can escalate before it is noticed.
Data
Exfiltrating data is generally one of the easier tasks for hackers to accomplish, not only because there is so much of it that it can be hard to uncover before it is too late, but also because taking away control of it creates the opportunity to ransom it back. Cybercriminals are aware that besides the immediate loss risk, reported noncompliance can quickly incentivize a victim to pay up.
Wire Fraud
Directly stealing money through phishing can actually be tougher than you would expect, but the most surefire method is by wire fraud, specifically by getting someone with authority to send the payment to an account under the attacker’s control. This is typically done by sending a spoofed email or SMS message at a key point to redirect where the funds are sent, then quickly withdrawing the money before the bank managing the transaction is alerted.
Malware Infection
Malicious hyperlinks frequently prompt a download of aptly named malware, which is software that passes control of critical functions in your system to the hacker that sent it. Historically, this took the form of damaging virus infections, but it has increasingly transitioned to ransomware extortion.
The Link Between Phishing and Ransomware
Phishing in all its various forms (vishing, smishing, etc.) is one of the top methods used to deliver a ransomware infection, with over half of IT professionals claiming it is the biggest culprit. While some gangs have managed to breach networks through physical access, remote phishing is the easiest vector to scale, especially since many attackers are based overseas.
Ransomware Gangs and Nation-state Hackers
There are many foreign ransomware groups that have a close relationship with the intelligence services of their host nations, with quite a few being a direct part of those agencies, and thus are deployed clandestinely against opposing targets. Russia is one of the best examples of this trend, and its reach is reflected in the impact of cyber attacks against Ukraine, the US and other targets. As tensions between these nations as well as the NATO member states continue to escalate, so too will the rate of phishing attacks.
How to Spot a Phishing Email or Domain
The only good news about phishing is that a majority of attempts remain “drive-by” attacks that use spoofed emails with typos and obviously suspicious redirect hyperlinks. However, you should not take for granted how easy it is for you or your employees to overlook a well-hidden misspelling, or that hackers are gradually improving their methodologies. When in doubt, it could help to directly contact the message sender outside of the original email and double-check the details, and, if there are any red flags, to avoid clicking on anything, including the message window itself.
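The checks described above can also be automated as a first pass. The following is an added example, not part of the original article or any SWK product: it flags a sender domain that is a near-misspelling of a trusted one, a Reply-To that points elsewhere, and links whose visible text names a different domain than the one they open. The trusted-domain list, the function names and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"acme.example", "acme-payroll.example"}  # assumed: domains you really use
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)  # simplified

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_domain(host):
    # Last two labels of a host name (simplification: ignores suffixes like co.uk)
    return ".".join(host.lower().strip(".").split(".")[-2:])

def lookalike_of(domain):
    # Trusted domain that `domain` is within two edits of without being trusted itself
    return next((t for t in sorted(TRUSTED)
                 if domain not in TRUSTED and edit_distance(domain, t) <= 2), None)

def red_flags(raw_email):
    msg, flags = message_from_string(raw_email), []
    sender = base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    reply_to = base_domain(parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2])
    if lookalike_of(sender):
        flags.append(f"sender domain {sender} imitates {lookalike_of(sender)}")
    if reply_to and reply_to != sender:
        flags.append(f"replies go to {reply_to}, not {sender}")
    for href, text in LINK.findall(msg.get_payload()):
        target = base_domain(urlparse(href).hostname or "")
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and base_domain(shown.group(0)) != target:
            flags.append(f"link shows {shown.group(0)} but opens {target}")
        elif lookalike_of(target):
            flags.append(f"link domain {target} imitates {lookalike_of(target)}")
    return flags

# Constructed sample message (reserved .example domains, not a real email)
SAMPLE = """From: "Acme IT Support" <no-reply@acrne.example>
Reply-To: helpdesk@mailbox.example

<a href="http://login.acme-payrol1.example/renew">https://login.acme-payroll.example</a>
"""
```

Calling `red_flags(SAMPLE)` returns three findings for the constructed message; a clean result is not proof of legitimacy, so the advice to verify with the sender through a separate channel still applies.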
Phishing Defense and Recovery Solutions
Policy and education are the best protections against cyber scammers, but SWK Technologies can provide several solutions and services that will augment your user security should gaps appear. This includes everything from basic MFA (multifactor authentication) and modern antivirus to backup software and in-depth training.
Datto
SWK offers several Datto BCDR (business continuity and disaster recovery) solutions – including SIRIS, Alto and Backupify for Microsoft 365 – that will help ensure that your data remains safe even in the event of a breach.
Acronis
Acronis business continuity solutions combine modern backup services with other proactive cybersecurity tools such as antivirus, antimalware, endpoint protection and threat detection powered by an AI behavior-monitoring engine.
DUO
Deploy a seamless, near-unintrusive MFA solution with DUO, available whether your systems are in the cloud, still on-premise or a mixture of both. DUO authentication can be accessed on a desktop or mobile app and offers multiple options, from push notifications to passcodes.
Microsoft
Microsoft 365 and Azure provide several native and integrated cybersecurity controls, including built-in MFA and threat detection. Talk to SWK’s Microsoft experts today to learn how you can enable these toolsets in your Office 365 environment.
SentinelOne
SentinelOne is a next-generation antivirus that not only offers advanced endpoint protection, but also end-to-end visibility into your IT health (including potential threat activity). As of 2022, this tool is available to SWK customers on a Network Assurance plan.
360 Cyber Guard
360 Cyber Guard is an SWK cybersecurity solution that includes multiple services, such as security awareness training, education, and testing for real-world scenarios with simulated phishing attacks. Additional options provide vulnerability assessments as well as proactive monitoring of dark web activity around your existing email accounts.
SWK Will Help You Identify and Fight Phishing
Learning how to spot phishing is a necessary skill for the modern business world, but you don’t have to do it alone – managed service providers (MSPs) like SWK Technologies are here to help you educate yourself and your employees on fighting back against phishers. Check out some of our educational materials to learn more about identifying attacks, and contact us when you’re ready to dive deeper into phishing defense solutions.
Download our free datasheet and infographic resources here and educate yourself on how to better spot and fight back against phishing.