The truth is that phishing emails are prevalent for one simple reason – they work. People keep clicking the links and downloading the files, so why would the hackers stop sending them?
Hackers are on the hunt for their next big trophy phishing catch, and they’re waiting for you to take the bait. This article covers the top targets that hackers have in their sights, the bait and tactics they use to catch them and the defensive solutions you need to have in place to protect your employees and customers.
In partnership with WatchGuard, we have all the information you need
Who Are Your Business’s Top Phishing Targets?
From the CEO right down to the work experience kid, everybody in your business is a target for a hacker. The type of bait a hacker uses depends on which layer of your business they are targeting. Below are five examples of targets and baits that could be used by hackers when phishing.
Target – CEO. Bait – From Legal Team “We’re Being Sued”
How easy is it for somebody to find your CEO’s name on your website or social media? Once the hacker has this information, they have a direct line to the head of your business.
By posing as your company’s legal team and threatening a lawsuit, a hacker could easily trick a CEO into clicking a malicious link inside an email.
Target – Finance. Bait – From the CEO “I need you to transfer these funds!”
Hackers know that your finance teams know where the money is. They also know that the CEO will hold power over everybody else in the company. Combining these two factors makes for one of the most popular phishing emails.
Your financial team could be sent an email pretending to be from the CEO, demanding that some funds be transferred to an account immediately.
Target – Sales. Bait – From a prospect “I’m your next big sale!”
Salespeople are used to fielding emails and phone calls from prospective clients and customers. They’re eager to respond to any email that comes through that could be the next big catch. It’s easy enough for a hacker to find a salesperson’s information (I mean… you know they’re on LinkedIn) and they can be confident that any email they send will at least be opened.
A simple email pretending to be from a prospect is an easy way for a hacker to phish a sales representative.
Target – HR. Bait – From a prospective employee – “Hire me.”
Regardless of the standard practices, members of your human resources team are used to receiving resumes via email. And while they might not open every one, hackers know that if they craft the right email, there’s a chance that the HR team could open the email and download the attachment.
If there’s a job opening in your business, hackers could send your HR department a spoof email with an attached CV document that turns out to be malicious.
Target – Operations. Bait – From a shipping company – “Your package is missing!”
Shipping attachments for orders are another common way that attackers gain access to your business. Operations and facilities team members (or even regular staff that often receive shipments) are used to receiving these types of emails with an attachment containing important shipping information. Subject lines like “missing package” or “issue with delivery” are certainly going to get their attention.
A spoof email pretending to be from a shipping company could carry a malicious link disguised as a delivery notice.
How to keep off the Hacker’s Hook
While these phishing attacks can leave you swimming away towards calmer waters, having the right defences in place can keep you, your employees and your customers protected. WatchGuard offers a robust portfolio of security solutions to ensure that you’re secure at every layer and against every type of attack.
WatchGuard Total Security Suite
Phishing attacks often target different parts of your business in a variety of ways. This requires security at every layer of your organisation against known, unknown and even evasive threats. WatchGuard Total Security Suite protects your business from phishing attacks whether they involve malicious links or attachments.
WatchGuard DNSWatch monitors DNS traffic and blocks access to known malicious sites. So, when a user receives a phishing email and clicks the link trying to point them to a malicious website, DNSWatch steps in to make sure that the user can’t access the dangerous site. For bonus points, this service redirects users to a safe page that refreshes them on the warning signs to look out for with a phishing email.
WatchGuard APT Blocker detonates suspicious files detected on the network and host in a virtual environment to determine if they have malicious intent. If the data is deemed malicious, it gets quarantined from the user. This ensures that any phishing emails containing attachments will be detonated and determined malicious before ever being opened on a user’s device.
WatchGuard Threat Detection & Response (TDR) protects against ransomware attacks. Should an employee receive a phishing email that contains ransomware, the Host Ransomware Prevention (HRP) component of TDR will detect the threat and remediate it before file encryption takes place.
Should a hacker gain access to your organisation and find a way to steal user credentials, you need a way to ensure that even if they get those credentials, they won’t get very far. Multi-factor authentication (MFA) requires that a user present more than one factor, drawn from something they know, something they are or something they have, before they can gain access.
WatchGuard AuthPoint not only helps customers to reduce the likelihood of data breaches arising from lost or stolen credentials but also delivers this solution entirely from the Cloud for easy set-up and management even with limited staff. AuthPoint goes beyond traditional 2-Factor Authentication (2FA) by leveraging innovative ways to positively identify users – such as with our Mobile Device DNA approach. With WatchGuard AuthPoint, even if the hacker steals your password, they won’t be able to access your data and applications.
It’s more important than ever to make sure the people in your business are aware of phishing and the dangers it poses. Want to know more about how to protect your business data? Check out the cyber security section of our Learning Centre. If you have any questions about phishing or WatchGuard’s security suite, get in touch below.