What Is a Phishing Attack?
What Is Phishing?
A phishing attack is a type of social engineering. Phishing attacks involve sending fraudulent communications that appear to come from a reputable or known source to the targeted end-user. It is often done through email. The goal is to steal sensitive data, such as private company information (client lists, bank account information, credit card and login information), or to install malware on the victim’s machine.
A phishing attack occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information.
One of these attacks can have devastating results. Phishing is often used to gain a foothold in a business as part of a larger attack. In this scenario, employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment or gain privileged access to secured data.
A business impacted by such an attack typically sustains severe financial losses in addition to damage to its reputation. In some situations, a phishing attack can affect a business to the point where it has a difficult time recovering.
What Is a Phishing Scam?
Email phishing scams
Email phishing is a numbers game. An attacker sending out thousands of fraudulent messages can net significant information and sums of money, even if only a small percentage of recipients fall for the scam.
For one, attackers go to great lengths to design phishing messages that mimic actual emails from the spoofed organization. Using the same phrasing, typefaces, logos and signatures makes the messages appear legitimate.
From: HR, [email protected]
Sent: Monday, December 14, 2020 3:02 PM
To: Mark
Subject: Missing Information
Hi Mark,
We are working on the 401K documentation and it seems like the social security number we have on file for you may be incorrect. We have 365-26-8498 for you. Is it correct? Please let us know ASAP, we need to submit the paperwork by EOD.
Best,
HR Department
In addition, attackers will usually try to push users into action by creating a sense of urgency. For example, as shown above, an email could threaten expiration and place the recipient on an aggressive timeline. Applying such pressure causes the user to be less diligent and more prone to error.
Lastly, links inside messages resemble their legitimate counterparts, but typically have a misspelled domain name or extra subdomains. Similarities between the two addresses offer the impression of a secure link, making the recipient less aware that an attack is taking place.
Spear phishing
Spear phishing targets a specific person or enterprise, as opposed to random application users. It’s a more comprehensive version of phishing that requires special knowledge about an organization, including its decision-making structure.
An attack might play out as follows:
- A perpetrator researches the names of the general managers within an organization’s branch office network in order to gain access to the latest accounts receivable totals for their clients.
- Posing as the CEO, the attacker emails the general managers, asking them to send him their branch’s accounts receivable (AR) ledger, listed by client, by end of day. The text, style and included logo duplicate the organization’s standard email template.
- The perpetrator then researches each client from the AR ledger and emails each of them, posing as the CFO of the breached organization. The email states that the company has switched banks, asks the client to use the new, fake bank account information, and requests payment of the outstanding balances within 24 hours.
In this scenario, not only is the breached organization impacted, but so are its clients.
Phishing Protection
Phishing attack protection requires that steps be taken by both users and businesses.
For users, security awareness and education are key. A spoofed message often contains subtle mistakes that expose its true nature. These can include spelling mistakes or changes to domain names. Users should also stop and think about why they’re even receiving such an email.
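The two link tricks described in the email phishing section above (a misspelled domain and the real name buried under extra subdomains) and the domain-name check recommended to users here, as an added Python example that is not part of the original article. It assumes a constructed allowlist of one domain (examplecorp.com), a fabricated sample message modelled on the HR lure, and approximates the registrable domain as the last two labels rather than using a public-suffix list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
# Constructed allowlist of domains the organisation really uses (an assumption for this example).
TRUSTED_DOMAINS = {"examplecorp.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character misspellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Label a sender or link host as trusted, typosquat, brand-in-subdomain or unknown."""
    host = host.lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in TRUSTED_DOMAINS):
        return "trusted"
    # Registrable domain approximated as the last two labels (no public-suffix list here).
    reg = ".".join(host.split(".")[-2:])
    for trusted in TRUSTED_DOMAINS:
        # Misspelled domain: examp1ecorp.com is one edit away from examplecorp.com.
        if edit_distance(reg, trusted) <= 2:
            return "typosquat"
        # Extra subdomains: the real name buried inside an attacker-controlled domain.
        if trusted.split(".")[0] in host.split("."):
            return "brand-in-subdomain"
    return "unknown"

def scan_email(raw):
    """Check the From domain and every http(s) link in a single-part raw message."""
    msg = message_from_string(raw)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    hosts = [urlparse(u).hostname or "" for u in URL_RE.findall(body)]
    return {"sender": (sender_host, classify_host(sender_host)),
            "links": [(h, classify_host(h)) for h in hosts]}

# Constructed sample modelled on the HR lure above; every host in it is fabricated.
SAMPLE_EMAIL = """\
From: HR <hr@examplecorp.com.login-verify.net>
Subject: Missing Information

Hi Mark, please confirm your details at https://examp1ecorp.com/401k/confirm before EOD.
Reference form: https://payroll.examplecorp.com/forms
"""
```

Running `scan_email(SAMPLE_EMAIL)` flags the sender as brand-in-subdomain and the first link as a typosquat, while the genuine payroll link is reported as trusted.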
For businesses, a number of steps can be taken to mitigate both phishing and spear phishing attacks:
- Two-factor authentication (2FA) is the most effective method for countering phishing attacks, as it adds an extra verification layer when logging in to sensitive business applications.
- We also recommend that businesses enforce strict password management policies. For example, employees should be required to frequently change their passwords and not be allowed to reuse passwords for multiple applications.
- Security training and threat awareness educational campaigns can also help diminish the threat of phishing attacks by reinforcing secure behavior practices, such as not clicking on external email links.