What Is Anti-Phishing?
In an age of increasingly sophisticated schemes and scams, a proactive anti-phishing posture is required to maintain a secure email ecosystem. Anti-phishing solutions prevent potential threats from reaching employee inboxes by monitoring every message flowing into, within, and out of an organization to defend against highly targeted, identity deception-based, or social engineering attacks.
Types of Phishing Attacks
There are different types of phishing attacks, some more sophisticated than others, including these:
BUSINESS EMAIL COMPROMISE (BEC)
The goal of a BEC attack is to trick people into wiring money to the attackers. Attackers usually focus on companies involved in frequent wire transfers and global partnerships. BEC attacks can involve different types of phishing campaigns, such as spear phishing and whaling.
SPEAR PHISHING
Spear phishing is a very targeted approach focusing on an individual or group of individuals with content that appears to be from a trusted source. Rather than a blanket approach of "you are a customer of grocery store X, click here for a super deal", it’s a crafted attack using personal, company or even vendor references to appear as legitimate as possible.
WHALING
Whaling is much like spear phishing, but the attackers impersonate a C-level or senior executive in an organization. There is typically a sense of urgency to pressure employees to share sensitive data such as financial information.
Example of a Sophisticated and Multi-Pronged Phishing Attack
A recent cyberattack against Coinbase engineers was delivered through an SMS text alert that prompted them to log into their corporate email accounts. The prompt was really a lure to get them to log into a phishing site where the attacker could harvest their credentials. Unfortunately, it only takes one unsuspecting employee to fall for the trick. In this case, the identity deception method used was smishing (or SMS phishing), which has been on the rise over the last several years.
After the bad actor used the credentials to access Coinbase’s internal system, they hit a roadblock due to multi-factor authentication (MFA), so they switched to another attack strategy and circumvented MFA using vishing (or voice phishing) to call the victim and impersonate an IT employee. At this point, Coinbase’s SOC team detected and stopped the scam before any funds were actually exchanged, and Coinbase got off easy, with only some employees’ PII being stolen. Unfortunately, this is just one of many human-targeted social engineering ploys that cybercriminals use to exploit enterprises every day.