The most successful phishing attacks are those that combine technical expertise, e.g., the ability to spoof an email so it appears credible, with a little bit of online research such as identifying employees and their roles in the company. So, how can companies protect themselves against this type of attack?
The first thing is to understand that scammers can be extremely sophisticated and that any company may be vulnerable to this type of attack. Sometimes, it is hard to tell if an email is genuine. Second, appreciate that human factors are frequently exploited when it comes to phishing emails.
Let’s examine a couple of real-life case studies to show how scammers may target businesses using phishing emails.
In this example, scammers used the technique known as evoking authority by pretending to be the company director, who has authority over Anna. This is a very common technique used in many scams and frequently in phishing scams sent to businesses. It is effective because many people shy away from openly questioning the motives or actions of those who are in a position of authority. At work, this may include managers, company directors, or leaders. In other contexts, (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Martina Dove. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/phishing-attacks-often-target-small-businesses-heres-what-to-watch-for/