Phishing attacks are launched against enterprises by threat actors to achieve a specific outcome, typically involving economic gain. Attacks are designed to create a sense of urgency or panic in the user and trick them into acting in a way that is detrimental to either themselves or the company they work for.
They may try to fool the recipient into clicking on a link and downloading malware, spyware or ransomware. They may ask somebody to disclose financial or confidential company information, reveal personal details about themselves or other colleagues, or part with sums of company money. In some cases, users will also be redirected to fake login pages that resemble authentic sign-in platforms so that their credentials can be stolen.
In this blog, we’ll look at five different phishing attacks aimed at enterprises in 2022.
The most common form of phishing ploy, email attacks are sent out, often en masse, as part of spam campaigns. Messages that manage to bypass security filters will commonly contain malicious links that can result in company devices being infected and passwords and logins being stolen. Emails will often appear to be from a legitimate company, and malicious attachments may be disguised as common Microsoft Office documents to fool users.
Smishing is a form of phishing attack sent via text message to users’ phones. Like email phishing, smishing will request that users take specific actions. Large organisations are often spoofed to add credibility to these attacks, including the National Health Service (NHS) and the World Health Organisation (WHO), as well as multiple banks and building societies.
Another type of attack employs a traditional voice call. Callers may impersonate representatives from legitimate partners or vendors used by a company. A common approach is for an attacker to call a user, claim that there is a virus on their machine and attempt to obtain a payment for updated antivirus software. In reality, the attacker will steal the payment card details and deploy malware.
When a phishing attack targets a specific individual at a company, it is known as spear phishing. Unlike spam email phishing campaigns, attackers will research a specific target and use social engineering tactics to make their requests appear more authentic and increase the likelihood of success.
Finally, whaling is like spear phishing, but refers to targeted attacks focused on the upper levels of company management. CEOs, CFOs and other executive levels are all potential victims of such attacks. As individuals with the highest level of permissions to data and financial resources, the “whales” make for the most lucrative targets.
Protect your people with Galaxkey
At Galaxkey, we have designed a secure workspace for enterprise professionals. Featuring cutting-edge security solutions like end-to-end encryption and secure email services, it also stores no passwords and has no vulnerable backdoors for attackers to gain entry to your systems.
To start benefiting from our secure workspace, protect your people today with a free two-week trial from Galaxkey. Contact our expert team to access advanced anti-cybercrime options now.