How to Defend Against Common Phishing Attacks

Wombat Security, in its annual “state of the art” report on phishing, highlights the types of attack most commonly used by attackers.

That phishing is one of the most common types of cyber attack is certainly nothing new. We receive dozens of “misleading” and fraudulent e-mail messages every day: in most cases they stay confined to the spam folder, but spam filters can fail in their analysis.

That is why it is vitally important to be able to recognize a phishing attack at first sight. Even the smallest hesitation could allow cyber criminals to sneak into our PC (or our inbox) and take over our personal data. The Wombat Security report on the state of the art of phishing therefore takes on even greater importance: thanks to the work of the analysts of this US company specializing in computer security, it is possible to get an overview of the most common phishing attacks and organize an effective defense.

Types of common phishing attacks

The Wombat report for 2017 shows that the number of attack attempts between 2016 and 2017 remained constant, while users’ awareness grew. “Only” 9% of phishing attempts are successful: a figure almost halved compared to the 15% recorded in 2016. From the report pages you can also derive which categories of phishing attack are most frequently used by attackers. The US experts identify four categories in particular.

User. Phishing attacks aimed at the “average user” fall into this category and involve everyday use of the web (threats to revoke the credentials of an e-mail or home-banking account, fake social-network notifications, frequent flyer programs, Nigerian or US lotteries, and so on).

Corporate. These are the attacks mainly aimed at companies (and their employees). The focus of the cyber criminals moves towards more “professional” communications, which can mislead even the most experienced employees (messages from the Human Resources office, communications from the head office or the president, salary increases, etc.).

Commercial. Similar to “corporate” phishing attacks, commercial ones also have an official tone but are not addressed to a specific organization or company. This category includes fake parcel shipping notices, payment requests and so on.

Cloud. This is the most recent category and, therefore, the least known and potentially the most dangerous. It includes all the scam e-mails that invite you to download files from a cloud storage service, presenting them as unpaid invoices or cover letters. In reality the files are malware, Trojans and ransomware first of all, which put at risk not only the computer of the user who downloads them but the entire company network.

How to defend against phishing attacks

Regardless of the type of attack, the advice for protecting yourself against phishing and preventing your data from ending up in the wrong hands is (more or less) universal. First of all, never open e-mail messages if you don’t know the sender or are unsure of their real identity. Likewise, avoid downloading unsafe attachments, especially if you are “advised” to do so through links to cloud storage services. Remember, too, that neither your bank nor your e-mail service or social networks will ask you for personal information (such as your account access credentials) by e-mail. If you want to change your password, do so using the official tools you will find in the management panel of your profile.
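As an added example (not from the article or from Wombat Security), the following Python script turns the advice above into mechanical checks on a raw e-mail: a Reply-To domain that differs from the sender's, link text that shows one domain while the href points to another, links to cloud storage services, and phrases requesting account credentials. The cloud-host list, the credential phrases and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Cloud-storage hosts abused as download lures (assumption: illustrative list, not exhaustive).
CLOUD_HOSTS = {"drive.google.com", "dropbox.com", "onedrive.live.com", "wetransfer.com"}
# Phrases asking for the account details the article says no legitimate sender requests by e-mail.
CREDENTIAL_PHRASES = ("password", "access credentials", "verify your account", "confirm your identity")
ANCHOR_RE = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def base_domain(hostname):
    # Naive reduction of "mail.example.com" to "example.com" for comparing sender and link domains.
    parts = hostname.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else hostname.lower()

def url_host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def phishing_indicators(raw_message):
    """Return the sorted list of heuristic indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    found = set()
    from_addr = parseaddr(msg.get("From", ""))[1]
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    # Replies are routed to a domain other than the apparent sender's.
    if reply_addr and base_domain(reply_addr.rpartition("@")[2]) != base_domain(from_addr.rpartition("@")[2]):
        found.add("reply-to-domain-mismatch")
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8", "replace")
    for href, text in ANCHOR_RE.findall(body):
        target = url_host(href)
        # Visible link text shows one domain while the real destination is another.
        if text.strip().lower().startswith("http") and base_domain(url_host(text)) != base_domain(target):
            found.add("link-text-mismatch")
        if target in CLOUD_HOSTS or base_domain(target) in CLOUD_HOSTS:
            found.add("cloud-storage-link")
    if any(p in body.lower() for p in CREDENTIAL_PHRASES):
        found.add("credential-request")
    return sorted(found)

# Constructed sample: an "unpaid invoice" lure of the report's Cloud category.
SAMPLE = """\
From: "Accounts Payable" <billing@example-supplier.com>
Reply-To: collect@example-mailbox.net
Content-Type: text/html; charset="utf-8"

<p>Please download the unpaid invoice and confirm your identity:</p>
<p><a href="https://drive.google.com/file/d/abc123">https://example-supplier.com/invoice.pdf</a></p>
"""
```

Running `phishing_indicators(SAMPLE)` flags all four indicators; a legitimate internal notice with consistent domains and no credential request returns an empty list.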