Phishing, pharming, whaling? Common data attacks and how to prevent them
A cybersecurity quest to ensure you and your team are prepared to prevent potentially irreversible data breaches.
Phishing
Phishing is a social engineering tactic in which an individual’s personal information is stolen. Victims receive an email requesting that they enter sensitive data through an external source, typically a fraudulent website. These websites are constructed to appear legitimate and therefore pose a threat to users at home and at work. To prevent a phishing attack, carefully inspect email content: hover over links to see where you are being redirected, and look for spelling errors and generic greetings.
Pharming
Where phishing communicates via email, pharming uses sophisticated techniques such as disguised DNS servers to claim its victims. Cybercriminals attempt to divert website traffic to other websites with bogus IP addresses (compromised DNS servers). Pharming attacks typically succeed on unprotected computers. You can prevent pharming by regularly updating your antivirus and other protective software and by ensuring website domains include the secure https prefix.
SMS & Voice Phishing
More recently, cybercriminals have targeted phone numbers, sending individuals messages that include fraudulent links and contact details. With voice phishing, users are asked to call a number (with disguised caller IDs that appear legitimate) and provide personal information. You can avoid SMS and voice phishing by ignoring calls from unrecognised numbers and not providing personal information over the phone. If you are in doubt about why a company is trying to reach you, research their contact number and call the entity back to voice any concerns.
Spear Phishing & Whaling
Spear phishing (an extension of phishing) targets particular individuals or organisations. This is a smart tactic, as cybercriminals personalise emails and mobile messages for the individual(s) they are targeting. A study reported by Jagatic et al. (2007) demonstrated spear phishing to have a 70% success rate. Whaling, also known as CEO fraud, is a form of spear phishing that targets high-profile individuals such as senior executives. As spear phishing is a more serious form of phishing, employee security awareness training is an important preventative measure. To prevent whaling, further security measures such as multi-factor authentication can help keep sensitive information from getting into the wrong hands.