Too Many Phish in the Sea

Cybercrime is almost as diverse as real-world crime in the realm of theft. Some crooks steal cars, some crack safes – and the same goes for cybercriminals: some steal data and sell it on the Dark Web, some use Ransomware to elicit cybercurrency from the victims.

Even as new criminal methods are developed, existing methodologies continue to evolve and adapt. The #1 vector that cybercrooks use is still some form of Phishing

There are a number of variations on the Phishing scheme. Fortinet dives deep on the subject and lists 19 types of Phishing attacks and gives examples HERE.

Among those explained by Fortinet, the top 4 are:
~ Spear Phishing
~ Vishing
~ Email Phishing
~ HTTPS Phishing

Email Phishing has a noteworthy sub-category that has taken off since 2020: Reply-Chain Phishing, also known as an email chain attack, has been on a tremendous upswing as more employees populate the world’s remote workforce.

Phishing attacks are easier to spot when a new email hits an inbox – it’s out there on its own and an observant and trained user should be suspicious and forward it to their IT services. With reply-chain phishing, the attack enters an established email conversation – usually between participants with a good measure of trust for each other.

This type of attack is only possible when the email credentials of a participant have been compromised. The crook logs in and finds vulnerable email chains the user participates in – preferably one where attachments and/or external internet links are traded back and forth. It is then easy for them, posing as the known user, to send links or attachments containing malware to other participants.

Another danger is that, once in control of the user’s email, they can change the settings so that when a participant who has been infected tries to alert the original user, those emails will go straight into the trash.

Just as you would notice something odd about a new email, pay attention to strange changes in an ongoing email conversation. If you have say, “Wait – what’s this attachment for?” then you need to take a closer look.

10 Phishing Signs to Look Out For

With the uptick in ransomware infections that are often instigated through phishing emails, it is crucial to take proactive measures to help protect yourself and your organization's Cybersecurity.

Having a computer that is up to date and patched makes a big difference in reducing an organization's overall risk of infection.

But being vigilant in detecting phishing emails and educating employees in your organization to also be proactive is a critical step in protection.

1) Don’t trust the display name of who the email is from
Just because it says it’s coming from a name of a person you know or trust doesn't mean that it truly is. Be sure to look at the email address to confirm the true sender.

2) Look but don’t click
Hover or mouse over parts of the email without clicking on anything. If the alt text looks strange or doesn't match what the link description says, don't click on it - report it.

3) Check for spelling errors
Attackers are often less concerned about spelling or being grammatically correct than a normal sender would be.

4) Consider the salutation
Is the address general or vague? Is the salutation to “valued customer” or "Dear [insert title here)”?

5) Is the email asking for personal information?
Legitimate companies are unlikely to ask for personal information in an email.

6) Beware of urgency
These emails might try to make it sound as if there is some sort of emergency (e.g., the CFO needs a $1M wire transfer, a Nigerian prince is in trouble, or someone only needs $5,000 so they can regain access to their millions that are frozen (of course, there’s a big reward for you).

7) Check the email signature
Most legitimate senders will include a full signature block at the bottom of their emails.

8) Be careful with attachments
Attackers like to trick you with a really juicy attachment. It might be a fake icon of Microsoft Excel that isn't the spreadsheet you think it is.

9) Don’t believe everything you see.
If something seems slightly out of the norm, it's better to be safe than sorry. If you see something that seems off, report it to your IT support.

10) When in doubt, contact your SOC.
No matter the time of day, no matter the concern, most SOCs would rather have you send something that turns out to be legit than to put the organization at risk.

How secure is your network?

As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and security assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.

The best defense is the best Cybersecurity to protect your data from theft, and a top-notch Managed IT Services firm to ensure continued reliability and defenses against newly emerging threats.

With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Among the Managed IT services we provide:

IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)

For more information, or to receive your FREE no-risk network and security assessment, just fill out the form on this page or call us at:
818-805-0909