Welcome to Bucaro TecHelp!

Phishing Attacks

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information. This article describes common phishing techniques and how to prevent them.

Phishing techniques

Here's a brief look at five common phishing threats that often arise in enterprise settings. Each example features "Bob," a mid-level employee in the finance department who is trying to get through his busy day and respond to hundreds of emails.

1. Breach of Trust - Bob gets an email from what he thinks is his bank asking him to confirm a wire transfer. A link in the email takes him to a page that looks like his bank's website but is actually a "spoofed", identical-looking copy of it. When he gets to the page, he enters his credentials, but nothing happens. Too late: Bob has just given his bank password to a cybercriminal.

2. False Lottery - Bob gets an email saying he's won a prize from a sweepstakes. Normally, Bob is too savvy to fall for this trick. However, this email comes from his boss, Joe, and references a charity that they both support. He clicks, and ends up at a bogus page that loads malware.

3. Data Update - Bob gets an email from Joe telling him to take a look at a document that is attached. The document contains malware. Bob may not even realize what has happened. He looks at the document, which seems normal. The resulting malware might log his keystrokes for months, compromise the entire network, and lead to massive security breaches throughout the organization.

4. Sentimental Abuse - Bob gets an email from someone claiming to be Joe's brother-in-law. He's suffering from cancer and has had his insurance cancelled. He asks Bob to donate to help him recover from his illness. Bob clicks on the link and is taken to a bogus charity site. The site could host malware or just steal Bob's credit card information via a bogus "online donation".

5. Impersonation - Bob gets an email from his boss Joe, who says that he needs money wired to a known vendor as pre-payment for an emergency job. Can Bob wire them the money right away? It seems fairly routine. Bob wires the money to the account requested. The money is untraceable and never seen again.

Prevent Phishing Attacks

1. Keep Informed About Phishing Techniques - New phishing scams are being developed all the time. Without staying on top of these new phishing techniques, you could inadvertently fall prey to one. Keep your eyes peeled for news about new phishing scams. By finding out about them as early as possible, you will be at much lower risk of getting snared by one. For IT administrators, ongoing security awareness training and simulated phishing for all users are highly recommended to keep security top of mind throughout the organization.

2. Think Before You Click! - It's fine to click on links when you're on trusted sites. Clicking on links that appear in random emails and instant messages, however, isn't such a smart move. Hover over links that you are unsure of before clicking on them. Do they lead where they are supposed to lead? A phishing email may claim to be from a legitimate company, and when you click the link to the website, it may look exactly like the real website. The email may ask you to fill in information, yet it may not address you by name. Most phishing emails will start with "Dear Customer", so you should be alert when you come across these emails. When in doubt, go directly to the source rather than clicking a potentially dangerous link.

3. Install an Anti-Phishing Toolbar - Most popular Internet browsers can be customized with anti-phishing toolbars. Such toolbars run quick checks on the sites that you are visiting and compare them to lists of known phishing sites. If you stumble upon a malicious site, the toolbar will alert you about it. This is just one more layer of protection against phishing scams, and it is completely free.

Copyright©2001-2019 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268