Phishing Attack: The Power of One Email

Ostra Delivers Smarter Protection to Minimize Security Risks

All it takes is one unsuspecting employee to click a malicious link in a phishing email and attackers will have all the information they need to compromise a business.

Access is everything – and phishing attacks give attackers access. As an attack method, phishing is easy and it works. All it takes is a believable email for people to click on and a fake website for them to land on. According to industry research, over one third of phishing messages get opened by targeted users.

It’s not surprising that one of the most prevalent ways attackers are breaching data is via phishing. With no sign of cyber attacks slowing down, it is important that anyone who operates in a digital world — which is nearly everyone — is fully awake to the threat posed by phishing attacks, and the consequences of failing to recognize and respond when an attack occurs.

According to 2019 trends, phishing emails are much more likely to have a malicious link than a malicious attachment. These links lead to impersonated websites designed to harvest credentials, trick the victim into installing malware, or deliver drive-by exploits against vulnerabilities in the user’s browser. A majority of these websites appear safe to the victim because they use HTTPS and legitimate certificates.

In an indiscriminate attack, phishing emails contain links leading to fake websites impersonating popular brands such as Facebook, Apple, Amazon, Netflix or PayPal. This “spray and pray” tactic is used against a large list of email addresses with the goal of successfully luring some of the many recipients.

A targeted attack involves an email that impersonates an organization known to the targeted group. Some common tactics in a targeted attack encourage the recipient to click a malicious link disguised as a holiday bonus from HR, an invoice from a vendor, or a resumé matching open jobs. Criminals use the credentials gathered from this type of attack to access protected information, for example a list of bank customer names and email addresses, or to gain illicit network access for reconnaissance and future attacks.

In a spear-phishing attack, a single individual, usually a C-level executive, is targeted. The email impersonates someone known to the target and often achieves credibility by using details sourced from the target’s digital identity (social media). Fraud via wire transfer or fake invoice, ransomware injection, and theft of secrets are the high-dollar goals of a personalized attack.

A phishing response strategy is a modern necessity. Security awareness is a part of that response, but users are not a strong last line of defense in cybersecurity. Modern-day attacks spawned by phishing emails often go undetected by traditional security solutions. Ostra’s Enterprise Grade Security solution provides the technical security controls necessary when the bad guys find a way to trick someone into clicking something malicious.