Phishing the Channels: How to Spot Phishing through All Business Communication Channels
In the modern business world, most people already know that phishing is a fake email you get from a hacker. Meant to trick you into clicking a malicious link or attachment that will secretly -- or not-so-secretly -- download malware onto the computer. But not all businesses or professionals are aware that phishing isn't just limited to email. In fact, most methods of social hacking fall into the 'phishing' variety and is hardly limited to a single channel of communications. Hackers today are phishing the channels, using every possible avenue into a company's network.
Let's take a closer look at the many ways a phishing message and malicious link might make its way into your business and need to be dealt with by employees.
The most common phishing channel is email because it's asynchronous, includes attachments, and because email has existed longer than all other forms of business communication. Except the phone, and you can't send links through a phone call.
Phishing emails usually appear to come from a known contact or an organization the target interacts with. It might pretend to be an email from a brother, a coworker, the bank, or even a vendor for the business. But if the employee is fooled by the fake sender address, they click the link and you're on malware cleanup duty.
Live Chat Phishing
Phishing spread to live chat about the time we realized that links could be copy-pasted into the text box. In fact, the impulsive nature of chat actually increases the chances that a malicious link will be clicked. Especially if the hackers has spent a little time cultivating a friendly conversation with their target. Which may lead you to wonder... how would a hacker get into live-chat contact with one of your employees in the first place? This takes us to the next point.
Customer Service Phishing
No matter what kind of customer service interface you use -- live chat, email, or anything else -- hackers will try to phish your support staff through it. They will pose as customers, make up fake problems, and insist that they need to send an (infected) file for the service tech to look at while they are helped. Watch out. The best defense to any customer service attack is to rely on a document manager, so that no files are ever directly uploaded to your network.
Social Media Phishing
Hackers also phish through social media. Watch out especially for LinkedIn, where hackers know professionals spend the most legitimately work-related social media time. They may pose as job candidates, networking connections, or even vendor reps. Just watch out for the malicious potential when clicking links from strangers.
Document Share Phishing
Hackers might even try to use some document sharing feature on your website in order to phish whoever receives it. Online paperwork signing, for example, often involves downloading, signing, and exchanging certain documents. Hackers may get ahold of customer accounts, log fake customer service requests, or otherwise try to entice your team into clicking a link outside the protected document into some infected website or file.
Phone-Assisted Phishing (Vishing)
Finally, there is phishing that involves the phone, or voice. This is known as Vishing (voice-phishing) and happens when hackers actually call your employees on the phone to convince them to click a link sent by email. It sounds ridiculous until you consider how hard service reps will work to make a customer happy. If hackers can yell at an employee over the phone (or even be nice) in order to convince them to overlook normal anti-phishing precautions, they will. Have no doubt.
As a business concerned with cyber-security, it's vital to understand just how many ways hackers may try to use phishing tactics to socially manipulate your employees into opening the security doors. Because the moment a malicious phishing link is clicked, you're on the defensive. For more about how to prepare your team and defend against cybersecurity threats, contact us today!