The latest spate of phishing attacks focuses on email attachments, particularly PDF attachments. For organisations this is a serious problem because even employees who are generally IT proficient are often unskilled in recognising cybersecurity threats. As a result, inexperienced employees are likely to click a malicious URL without realising they are potentially compromising the organisation's cyber security.
A factor which helps the perpetrators manipulate employees successfully is the sophistication of their phishing campaign. The most prevalent phishing attacks send an email that appears to come from a legitimate source known to the victim, increasing the likelihood of entrapment. For instance, in a sophisticated phishing attack the email and its attachment may appear to come from within the organisation, such as the HR or Finance department forwarding an invoice. The difference between earlier phishing attacks and the latest threats is that earlier attacks relied on downloaded content running malware on the victim's machine. More evolved attacks use PDF attachments which contain no malware at all; instead, URL links are embedded in the text of the PDF document, and clicking one leads to a compromised website.
Another phishing attack to be vigilant about is the email which appears to be a friend request from a social media website; when the recipient clicks the given URL link, it leads them to a compromised website containing a fake login screen. When the user enters their login credentials, these are stolen by cybercriminals, resulting in a security breach of the social media account from which further information could be stolen.
TechDecoded recommends the following tips for avoiding the latest phishing attacks:
- Avoid clicking URL links in PDFs or any other documents received as email attachments.
- Visit trusted websites by manually entering URLs.
- Confirm the authenticity of the sender before opening emails and downloading content.
- Avoid unnecessary downloads.
- Recognise spam emails by checking their authenticity; spam emails usually contain spelling errors in the subject or body.
- Although an email may imitate a genuine sender, if an unexpected email is received, verify its content with the purported sender through an alternative means of communication.
- Organisations should provide relevant training to employees to increase their awareness of the latest phishing scams.
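As an added example (not code from the original TechDecoded post), the following Python script shows how a mail gateway or help desk can enumerate the link targets embedded in a PDF attachment before anyone clicks them, flagging every host outside an assumed trusted-domain list for review; the PDF bytes are a constructed sample and the domain names are placeholders. It reads uncompressed PDF objects directly and reports when compressed content means a full PDF parser is needed.

```python
import re
from urllib.parse import urlparse

# Constructed sample (not a real attachment): a minimal uncompressed PDF whose
# single page carries two clickable link annotations (/A << /S /URI ... >>).
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [50 700 300 720]
   /A << /S /URI /URI (https://intranet.example.com/invoices/1234) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [50 650 300 670]
   /A << /S /URI /URI (http://invoice-portal.example.net/login) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# A /URI value is either a literal string "(...)" with backslash escapes or a
# hex string "<...>"; the first "/URI" in "/S /URI /URI (" is the action type
# and is skipped because no string follows it.
_URI_VALUE = re.compile(rb"/URI\s*(\((?:\\.|[^\\)])*\)|<[0-9A-Fa-f\s]*>)", re.S)

def _unescape(s: bytes) -> bytes:
    # Undo the PDF literal-string escapes that matter for URLs: \( \) \\
    return re.sub(rb"\\([()\\])", rb"\1", s)

def extract_pdf_uris(data: bytes) -> list:
    """Return every /URI action target in an uncompressed PDF, in file order."""
    found = []
    for m in _URI_VALUE.finditer(data):
        tok = m.group(1)
        if tok.startswith(b"("):
            raw = _unescape(tok[1:-1])
        else:  # hex string, whitespace inside is ignored by PDF readers
            raw = bytes.fromhex(re.sub(rb"\s", b"", tok[1:-1]).decode("ascii"))
        found.append(raw.decode("latin-1"))
    return found

def needs_decoding(data: bytes) -> bool:
    """True when streams are compressed or objects are packed, so this raw scan
    may miss links and the file should go through a real PDF parser."""
    return b"/FlateDecode" in data or b"/ObjStm" in data

def triage_links(data: bytes, trusted_domains) -> list:
    """Pair each link with 'trusted' (host is, or is under, a trusted domain)
    or 'review' (anything else), so an analyst looks before a user clicks."""
    out = []
    for url in extract_pdf_uris(data):
        host = (urlparse(url).hostname or "").lower()
        ok = any(host == d or host.endswith("." + d) for d in trusted_domains)
        out.append((url, "trusted" if ok else "review"))
    return out

if __name__ == "__main__":
    for url, verdict in triage_links(SAMPLE_PDF, {"example.com"}):
        print(f"{verdict:8} {url}")
    if needs_decoding(SAMPLE_PDF):
        print("compressed content present: raw scan is incomplete")
```

Links flagged `review` are exactly the ones the first tip above tells users not to click; a gateway can quarantine the message or rewrite the link before delivery.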