Skip to main content

Dealing with a phishing attack

How to stop phishing attacks – Stop Email Security Threats

Time and time again we have seen that the weakest link within a cybersecurity system is the people – It is very common for us to underestimate just how often we can be fooled by social engineering attacks and tactics. In fact, social engineering is one of the most dangerous attack vectors today, with phishing scams and attacks at the forefront.

Make no mistake – a modern phishing scam goes far beyond the typical “nigerian prince” shtick that we have grown accustomed to. In fact, the devastating security breach suffered by Uber this past month was a social engineering scam. Just this past week Uber disclosed that the recent breach it suffered was made possible through an MFA fatigue attack where the attacker disguised themselves as Uber IT. MFA attacks, a form of social engineering, involve spamming a target with repeated MFA requests until they eventually authorize access.

Attacks like this demonstrate the continued need for effective protection against phishing messages, phishing emails, phishing sites and business email compromise. Read on to find out how to stop phishing and social engineering attacks dead in their tracks:

Explaining common phishing scams

What is Phishing?

A phishing attack occurs when an attacker poses as a legitimate institution or person of authority in order to trick users into giving up sensitive data like passwords or financial information.

Common phishing terms to know

Over the years, phishing attacks have evolved to incorporate different techniques and tactics. Here are the most common types of phishing attacks to know about:

  • Spear Phishing: Spear phishing attacks are phishing attacks that have been personalized and specifically tailored for you. The message may include personal information, including things like interests, recent online activity, or past purchase to try and trick you into divulging sensitive information
  • Whaling: Spear phishing, but for high-value executives at large companies – Attackers typically pick these targets due to their tendency to have lots of authority and therefore provide access to tons of personal and financial information.
  • Smishing: A phishing attack that takes place over SMS or text messages
  • Quishing: A phishing attack using QR codes typically sent over email. The victim scans the code which then redirects them to a malicious website
  • Vishing: Short for voice phishing – This takes place when attackers make phone calls to unsuspecting victims over a VoIP system which allows caller ID spoofing.

How does phishing work?

Phishing occurs when an attacker uses channels like email, SMS and social media to try and trick a victim into clicking on malicious links that lead to malicious sites. These malicious websites are often disguised as legitimate in order to convince victims into providing sensitive information like bank account numbers, passwords and social security numbers.

How to Spot phishing emails

Here are common things to look out for when looking for phishing emails

Here are some indicators that you are looking at a phishing email:

  • You don’t recognize the sender’s name, email address, or phone number
  • There are spelling and grammatical errors
  • The sender is requesting that you provide personal or confidential information or asks you to log in through a provided link
  • An urgent request is being made

Key Tips for Preventing Phishing Attacks

In order to avoid phishing attacks, it is imperative that organizations equip themselves with capable technology designed to stop sophisticated attacks. Like the technology that enables them, hackers are continuing to develop new kinds of phishing attacks that can bypass even the most meticulous spam filtering. Phishing attacks can target social media accounts, advanced security systems, and multi-factor authentication, creating a dire need for technology that can eliminate the possibility of human error.

Prevent Phishing Attacks with Stratejm

A strategic anti phishing partnership

Stratejm has partnered with SlashNext to provide multi-channel phishing protection for users across email, web, mobile and API. We stop up to 65% more spear phishing attacks, legitimate service compromise, business email compromise, smishing, social engineering, in key channels like M365, Teams, Zoom and other communication channels.

Stratejm + SlashNext Advantage

  • Unparalleled, 99.9% zero-hour detection and 1 in one million false positive rate
  • Instant detection of phishing attacks and other advanced threats
  • Fast ROI – Dramatically reduced time to detection
  • Full visibility – Simple deployment, management and reporting across online accounts and devices
  • Harness the power of AI – Patended behavioural phishing technology using millions of virtual browsers to detect threats with unmatched accuracy

Contact us today to find out how we can help you deal with phishing attacks