{"id":55256,"date":"2021-10-12T14:18:33","date_gmt":"2021-10-12T18:18:33","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=55256"},"modified":"2024-02-20T18:45:06","modified_gmt":"2024-02-20T23:45:06","slug":"many-masks-phisher","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/many-masks-phisher","title":{"rendered":"The Many Masks of the Phisher"},"content":{"rendered":"\n

It\u2019s Cybersecurity Awareness Month! In honor of the theme \u2014 Do Your Part. #BeCyberSmart \u2014 we\u2019re doing our part by educating IT teams and organizations on protecting themselves. Throughout October, the JumpCloud blog will focus on top cybersecurity issues, from IT admin best practices to CISO responsibilities. Tune back in throughout the month for new cybersecurity content or check out our archive of existing security articles<\/a> for cybersecurity insights written specifically for the IT professional.<\/em><\/p>\n\n\n\n

<\/p>\n\n\n\n

Unlike many other attack methods, phishing preys on human nature. Further, its low-tech nature is one of the reasons it\u2019s still so popular. It\u2019s easy to implement and casts a wide net that doesn\u2019t often come up empty. <\/p>\n\n\n\n

Because even one user who falls victim can let in malware that infects the entire infrastructure, everyone in your organization needs to be able to detect and appropriately respond to phishing. <\/p>\n\n\n\n

In keeping with this year\u2019s Cybersecurity Awareness Month theme, this article will help IT admins prepare users to recognize and respond correctly to phishing attacks.<\/p>\n\n\n\n

Because phishing is all about hackers infiltrating your organization by pretending to be someone a user trusts, this article will cover some of a phisher\u2019s most common disguises. It will also cover how to best respond to a suspected attack, and how to prevent attacks from taking hold. <\/p>\n\n\n\n

Note<\/em><\/strong>: If you don\u2019t already have a phishing awareness campaign in place, you can start by sharing these tips with your employees so they know what to look for and what to do if they suspect phishing. <\/em><\/p>\n\n\n\n

Popular Types of Phishing <\/strong><\/h2>\n\n\n\n

The first phishing email was sent in the mid 1990s<\/a>. The traditional tactic remains in use today, largely for widespread, untargeted attacks. Other, more focused phishing styles have evolved as well, as phishers have learned what works and how to home in on their targets. Understanding these attack types will prepare you and your users to spot them. <\/p>\n\n\n\n

Email Phishing<\/h3>\n\n\n\n

Email phishing is the most standard form of phishing, which most users are likely familiar with. In a phishing email, a hacker sends an email posing as someone trustworthy to convince the recipient to click a malicious link, download malware, or hand over their credentials. <\/p>\n\n\n\n

Smishing<\/h3>\n\n\n\n

Smishing (SMS phishing) is similar to email phishing, but it occurs over text. <\/p>\n\n\n\n

Vishing<\/h3>\n\n\n\n

Vishing (voice phishing) is the same tactic carried out over a voice\/phone call instead of email.<\/p>\n\n\n\n

Spear-Phishing<\/h3>\n\n\n\n

Spear-phishing takes the traditional phishing email and personalizes it with social engineering, targeting a specific individual. This tactic takes hackers longer to execute, but it is generally more convincing than a standard phishing attempt. Because of the extra time investment, spear-phishing attacks usually go after higher-value individuals with deep levels of access.<\/p>\n\n\n\n

Whaling <\/h3>\n\n\n\n

Whaling uses the same tactics as spear-phishing, but it targets senior-level personnel. It\u2019s important for executives to be aware of whaling and understand they aren\u2019t immune to attack. Make sure they take part in any phishing awareness training you implement.<\/p>\n\n\n\n

Clone Phishing<\/h3>\n\n\n\n

Clone phishing takes a legitimate, previously sent email, swaps its real links or attachments for malicious ones, and resends it. Often, phishers pick an email that was sent to a group and resend it to the same group. If they have access to the original sender\u2019s email account, they may send it from that account under the premise of resending with updated information. <\/p>\n\n\n\n

Search Engine Phishing<\/h3>\n\n\n\n

Hackers are always looking for new ways to reach their targets, and Google searches are now part of their arsenal of attack vectors. In search engine phishing, hackers forge a legitimate website and optimize it to show up for a common Google search. If they design it correctly, it is difficult to spot the site as a fake. Hackers usually do this with account login pages, hoping users visit the page and enter their credentials, unknowingly giving them away.<\/p>\n\n\n\n

Common Phishing Dupes<\/strong><\/h2>\n\n\n\n

Now that we\u2019ve established popular types of phishing attacks, it\u2019s important for users to understand who <\/em>phishers might pose as. This is critical information for the end-user, who needs to know what a phishing email might look like when it pops up in their inbox. These are some of the most popular masks phishers wear when they attack. <\/p>\n\n\n

\nEnd-users should be familiar with phishers\u2019 common disguises so they can recognize attacks.<\/figcaption><\/figure><\/div>\n\n\n

A Popular Account<\/h3>\n\n\n\n

Phishers have gotten pretty good at impersonating big brands, from duplicating their logo to creating fake (but believable) login pages. Phishers often use this tactic to masquerade as brands that use online accounts, like subscription services, banks, credit card companies, and software.<\/p>\n\n\n\n

These phishing emails usually pose as one of these brands, alerting the recipient that their account is locked, set to expire, needs review \u2014 anything to get them to open the link and log in. Often, the phisher uses a fake login page, captures the credentials, and infiltrates the account.<\/p>\n\n\n\n

Someone in Their Organization<\/h3>\n\n\n\n

If your boss said they urgently needed your help with something for a big meeting they were about to step into, would you say no? Many phishers bet on employees trusting their leaders, sending texts, emails, and other fake correspondences masquerading as an employee\u2019s boss. When the phisher does their research on their target, these can often be quite convincing. <\/p>\n\n\n\n

This ruse doesn\u2019t stop at direct superiors. Phishers often pose as someone from HR or IT to obtain valuable credentials, or as a coworker who needs help. Fortunately, while phishers are fairly skilled at researching and impersonating others, humans generally have good instincts about interpersonal communication. If something feels off about the voice, topic, or channel through which someone contacts an employee, the employee should check in with that person via a different channel to verify the communication. <\/p>\n\n\n\n

A Customer<\/h3>\n\n\n\n

Customers wanting to pay for your company\u2019s services seem pretty routine, which is why this phishing method works. In these attacks, phishers email you as a \u201ccustomer,\u201d claiming that they\u2019ve attached their payment. (Spoiler alert: the attachment isn\u2019t their payment. It\u2019s likely malware.)<\/p>\n\n\n\n

The Government<\/h3>\n\n\n\n

Legal action can scare anyone, even if they haven\u2019t done anything wrong. That\u2019s the thinking behind these attacks, which pose as a government body threatening legal fees, jail time, or other penalties unless the recipient takes action. That action is usually remitting payment or clicking a malicious link that downloads malware.<\/p>\n\n\n\n

A New Connection<\/h3>\n\n\n\n

Social media and remote work have eliminated the discomfort of meeting someone virtually. So a message in your email or LinkedIn saying, \u201cHey, it looks like we both worked with Amanda at CompanyABC; let\u2019s connect!\u201d sounds fairly benign. <\/p>\n\n\n\n

Phishers can find a person, company, club, or other connection in your social media and use it to establish common ground with the recipient. This generates trust, which might assuage the uneasiness of clicking a link or sharing information with them.<\/p>\n\n\n\n

When executed correctly, these phishing attacks are some of the most convincing and dangerous. This is often the tactic spear-phishers and whalers use: they do their research and target someone high up to make their attack count. <\/p>\n\n\n\n

Notes on What to Look for: <\/strong><\/h2>\n\n\n\n

While poor grammar and implausibility used to be primary tip-offs for catching phishing attempts, phishing emails have become much more sophisticated. Many no longer contain these mistakes, so they shouldn\u2019t be employees\u2019 sole tip-offs.<\/p>\n\n\n\n

Employees should learn to look for context clues when they are asked to click a link, download something, log into an account, or share information, assets, or money. Common context clues that could tip someone off to a phishing attempt include: <\/p>\n\n\n\n