How to Recognize and Protect Against Phishing Attacks

When it comes to preventing phishing attacks and other cybersecurity attacks, education is critical.

Datto Guest Blogger

November 2, 2020


It seems that cyber crime has become a part of everyday life, and hackers are using any opportunity to take advantage of an unknowing victim to gain access to personal information for financial gain. As gatekeepers to the data of today’s small and midsize businesses (SMBs), managed service providers (MSPs) are also becoming increasingly targeted by these attacks.

Phishing attacks are among the most common of these. Phishing is an umbrella term for attacks that are typically delivered in the form of an email, chat, web ad or website that has been designed to impersonate a real person, system or organization. Attackers craft phishing messages to deliver a sense of urgency or fear with the end goal of capturing an end user’s sensitive data. This can result in wire transfer fraud, credential phishing, malware attachments and URLs leading to malware-spraying websites.

One of the best ways to avoid phishing attacks is to understand what kinds of attacks exist and how best to spot them. Here are a few of the main types of phishing attacks you and your teams should be aware of:

  1. Spear phishing: Spear phishing is an attempt to gain access to credentials or financial information from a targeted individual, and attackers often pretend to be someone the target knows well.

  2. Whaling: Whaling is a form of spear phishing where the attackers assume the identity of a senior employee within an organization, to boost credibility.

  3. Mass campaigns: Mass phishing campaigns cast a wider net than the targeted techniques of spear phishing and whaling. True to their name, they are sent to the masses in the hope that a subset of recipients will fall victim.

  4. Ambulance-chasing phishing: With ambulance-chasing phishing, attackers take advantage of current crises to create urgency, pushing victims into actions that compromise data or information.

  5. Pretexting: Pretexting is a highly effective method of phishing that often involves an attacker doing something via a non-email channel to set an expectation that they’ll be sending something seemingly legitimate soon.

The following is a list of red flags that you and your employees should be looking for when reviewing emails. One or more of these red flags might be a sign that you’ve uncovered a potential phishing attack.

  • A request for personal information or confirmation of personal information

  • A misspelled email domain or web address

  • A suspiciously urgent tone and poorly written email copy

  • Odd URLs (To check the URL, instead of clicking on the link, hover over it and copy the URL, then paste it in a word document and review where you are being sent.)

  • Emails shared through a service (such as Drive, Calendar, Dropbox or Box) that do not have a DKIM signature. If you receive a file that is not signed (such as by google.com, gmail.com or dropbox.com), delete it immediately.
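
The DKIM and odd-URL red flags above can also be checked automatically when triaging a reported email. The following Python example is added here and is not code from Datto or the original post; the sample message, the names red_flags and LinkCollector, and the "dkim=pass header.d=" format of the Authentication-Results header are assumptions.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED_SIGNERS = {"google.com", "gmail.com", "dropbox.com"}  # named in the article
HOSTLIKE = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:[/:?]\S*)?$", re.I)
# Constructed sample message, not a real email.
SAMPLE = """\
From: Dropbox <no-reply@dropbox.com>
Subject: A file was shared with you
Authentication-Results: mx.example.test; dkim=pass header.d=mailer.example.test
Content-Type: text/html; charset=utf-8

<p><a href="http://files.example.test/login">https://www.dropbox.com/s/report.pdf</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def red_flags(raw_message):
    msg, flags = message_from_string(raw_message), []
    # Assumption: your own mail server verified DKIM and recorded
    # "dkim=pass header.d=<domain>"; ignore results added by anyone else.
    results = " ".join(msg.get_all("Authentication-Results", []))
    signers = {d.lower() for d in re.findall(r"dkim=pass[^;]*?header\.[di]=@?([\w.-]+)", results)}
    if not signers:
        flags.append("no passing DKIM signature")
    elif not signers & TRUSTED_SIGNERS:
        flags.append("signed by unexpected domain: " + ", ".join(sorted(signers)))
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in collector.links:  # the "hover over the link" check
        shown, target = HOSTLIKE.match(text), urlparse(href).hostname
        if shown and target and shown.group(1).lower() != target:
            flags.append(f"link text shows {shown.group(1).lower()} but goes to {target}")
    return flags
```

Calling red_flags(SAMPLE) reports both the unexpected signing domain and the link whose visible text and destination disagree. The link comparison is a heuristic and only fires when the visible text itself looks like a hostname or URL.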

When it comes to preventing phishing attacks and other cybersecurity attacks, education is critical. Download this infographic we’ve developed for insights on various types of phishing attacks and how best to identify phishing scams before they impact you or your clients.

Christopher Henderson is Director of Information Security, Datto.

This guest blog is part of a Channel Futures sponsorship.

 
