Cybersecurity matters: 5 of the most common phishing attacks
We are halfway through National Cybersecurity Awareness Month (NCSAM), and this month is dedicated to shining a light on the importance of cybersecurity preparedness. This could not come at a better time as financial institutions face considerable challenges when protecting sensitive personal and financial data from the most popular cybercrime, phishing attacks. As the pandemic continues to shift operations in business, being aware of the different types of phishing attacks is critical to keeping your organization safe. Below is a list of the top 5 your credit union should look out for.
Five Most Common Types of Phishing Attacks
According to a MetaCompliance article, “research has found that 91% of all cyberattacks start with a phishing email.” However, it’s not that simple – phishing is just the umbrella term; many different types of attacks fall under this main threat.
Below are the five common types of phishing attacks according to the article; let’s take a look:
- Spear-Phishing: This type of targeted attack focuses more on stealing sensitive data from an individual or specific organization. Personal information that is specific to the target individual or company is used to seem more legitimate.
- Vishing: This type of attack refers to “phishing scams that take place over the phone. It has the most human interaction of all the phishing attacks but follows the same pattern of deception. The fraudsters will often create a sense of urgency to convince a victim to divulge sensitive information.” These calls are usually made using a normal ID to make it appear safe to answer. For example, a hacker could pose as a representative at your bank or credit union and call to alert you that there has been questionable activity on your account. Once they’ve gained your trust, the hacker will ask for your personal account information and can use those details to commit identity fraud.
- Whaling: This type of attack includes a high-level choice of target; it is an attempt to steal and misuse senior management’s private, personal information at a company/organization. Whaling occurs in the form of emails that are more sophisticated than phishing and are often harder to recognize due to their use of elite corporate language. The email will include personalized information about the target and organization.
- Smishing: This type of attack is unique compared to its counterparts as it uses SMS text messages to gain access to personal information like credit card numbers, passwords, and more. The delivered text message usually includes a call to action to demand an immediate response or reaction.
- Clone Phishing: The last type of attack involves “legitimate and previously delivered email [that] is used to create an identical email with malicious content. The cloned email will appear to come from the original sender but will be an updated version that contains malicious links or attachments.”
These are just a few examples of what your credit union could be up against if security protocols are not put in place. Your credit union must invest in the proper risk management tools and programs to help protect sensitive information because the truth is: cyberwarfare is real. By the looks of it, the battle will only get more complex. Therefore, the responsibility falls on us to be cyber smart.