SandStorm IT

Why is phishing still the most common cyber-attack?

October 25, 2018 By Josh Yarbrough

What is phishing?

Phishing.org defines phishing as “A cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.”

 

This is a very common and highly effective way of obtaining sensitive information. Emails containing links to malicious websites are the most common attack method. The links appear to point to the correct websites but really lead to spoof sites that look similar to, if not exactly like, the real ones. Once you are on the spoof site, it asks for your login and/or other personal information. Whatever you enter is logged or sent on for the attacker to access.

Why the name?

The term phishing is a homophone of fishing because the concept is similar to fishing in a lake or stream: the attacker dangles something in front of the end user in the hope that they take the bait.

So why is it still the most common?

The short answer is that it’s still a very effective method of cyber-attack. All the attacker needs to do is convince you that you are on the real website, safe and sound. It’s only afterward that you realize the error, if you ever do. A large number of accounts have been compromised by phishing attacks, ranging from social media to financial accounts. While the situation is improving as most people become more cautious of suspicious emails and websites, it’s still one of the most effective and common methods of cyber-attack.

Bleeping Computer has an article on this subject and the recent frequency of phishing. It goes on to say that Microsoft Office 365 accounts are the most popular phishing targets as of late. The reason given is that, after gaining someone’s login, the attacker can launch further attacks on others in the organization.

How do you avoid phishing?

Watch for illegitimate links. Pay special attention to the URL before clicking on it. If you position your mouse over a link and leave it there without moving for about a second, the full link will appear. If you are expecting to be led to facebook.com, make sure it shows something like https://www.facebook.com and not something like https://abc123.faceb00k.com. Another thing to watch for is slightly misspelled domains such as bankfoamerica.com, which might lead you to a site that appears to be totally on the level. A better alternative is to open your browser, go directly to the site, log in, and from there check your account or the site for updates on the “issue”. More often than not, if the original email or message was legitimate, the notice will be easy to find on the site.

 

Secondly, don’t get roped into a false sense of urgency. Many times the email or pop-up tries to scare you into quickly logging in, threatening consequences such as permanently locking you out or shutting you down if you don’t do so immediately! These tactics are there to try to force you into outrunning your common sense and handing over your information before your suspicion catches up. For a more in-depth post on how to avoid getting phished, check out our post “Don’t Get Phished!”.

Overall, nothing beats good common sense. If you feel something isn’t right, contact the institution and have your credentials changed. At SandStorm IT, our team has come across these schemes many times and knows how to deal with this. Still not sure about that email or pop-up message? Feel free to contact us. The last thing you want to do is compromise your personal information.

Categories: Cybersecurity, Networking, Personal Computing, Social Engineering/Phishing
