Social Engineering at Work: Part 2 – Email Phishing
Social engineering is when “persuasion” takes a darker turn. In a broad sense, it includes any action that attempts to influence a person to act against their best interests. This is the second off a 4-part series on social engineering and how it affects your business. Earlier, we covering Impersonation. Today – Phishing.
Email Phishing
Phishing occurs most often through email and it’s one of the most common ways cyber attacks are launched.
Two main types of email phishing exist:
- Emails that trick victims into sharing access credentials.
- Emails that trick victims into installing malware.
In email phishing, attackers are generally not working to scam you out of money directly. They simply want to steal access credentials or install malware.
In the first variety, attackers typically encourage victims to visit a phony website and enter access credentials. Occasionally, they encourage victims to send credentials directly via email.
Even here, overlap exists – where the phishing websites often attempt to force malware onto the users’ system via drive-by-download or a disguised software update.
Many phishing emails attempt to trick users into installing malware directly via a disguised email attachment. While any type of malware can be used, trojans are a common variety designed to persist on the infected system and collect sensitive information, such as banking credentials.
What You Can Do About It
First, always be aware that these scams exist and keep your guard up. More importantly, partner with a trusted IT service company, who takes on the job of protecting your business from cybercriminals.
For more information, a security assessment, or help training your employees on cyber safety, call mPowered IT at 678-389-6200.