4th August 2020
Don’t feed the phish (3)
Phishing is one of the most common cyber threats, which all of us have been a target of at one point or another. Simply check your junk folder and you will see many examples.
Some are so well constructed they can easily appear legitimate to the untrained eye. In this post we will provide you with some key tips to help you avoid being another phishing statistic.
Let’s start by looking at the different types of phishing attacks, which come in all shapes and sizes.
They range from email phishing, spear phishing, whaling, to the latest types known as smishing or vishing. In this article we will explain the different ways email can be used as an attack method to social engineer and steal data from a victim. A phishing email is constructed in a way that it will trick a user into revealing sensitive data, or clicking a link which may result in installing malicious software.
Email phishing is a numbers game: an attacker will send out a mass email to thousands of recipients in the hope that they will be supplied with the information requested. It only takes one user to fall victim to this attack and the bad guy has succeeded. Various techniques may be used to impersonate a person or organisation, such as spoofing an email address, which makes the message appear to come from somewhere else. They will also use formatting techniques to make it appear legitimate, such as using a company’s logo, specific wording and the same style of signature.
Spear phishing builds on the foundations of email phishing and goes one step further by targeting an attack at a specific person. This is a more intricate, detail-oriented attack where the attacker will have done research on the individual to be able to target them specifically.
Whaling is similar to spear phishing but is targeted at senior executives of an organisation.
Smishing & Vishing are social engineering tactics using the telephone and SMS.
Vishing relies on social engineering techniques to trick you into providing information over the telephone.
Smishing targets victims through text messages (SMS). The text will typically contain a URL or number to call which will take you to an automated voice system.
Here are my 5 key tips when it comes to protecting yourself from phishing emails:
- Verify authenticity
Although the sender’s email address may initially appear legitimate, hover over or click on the email address to reveal the true identity of the originating sender. A technique known as spoofing may be used, whereby the sender will pretend to use a legitimate email address, but under the hood the actual email address being used will be different. Some attackers may go to great lengths, specifically when performing a spear phishing attack, and register an email domain similar to the one being impersonated.
- Think before clicking links
Use caution before clicking on any links within an email, and consider whether you really need to be accessing this resource. Where possible, open your web browser and visit the page directly by navigating the website. If you must use the link within the email, take time to inspect the URL; it may not be sending you where you think.
- Do not supply personal information over email
A legitimate business would not request sensitive data over unsecure email. Do not feel you need to reveal user credentials or even financial information over email.
- Look out for grammatical errors
Phishing emails will often contain grammatical errors; this is sometimes a sign to be extra vigilant.
- Do not be pressured
Phishing emails will try to cause a sense of urgency or cause panic to encourage you to take immediate action. Stop and think before taking action.
And bonus tip… If in doubt, call the sender and verify.
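The first two tips can also be checked mechanically by a mail filter or a helpdesk script. The sketch below is an added example, not code from GTMaritime or its products: it flags a display name that shows a different address from the real sender, a sender domain that closely resembles a trusted one, and a link whose visible text names a different host than its target. The domain `shipco.example`, the sample message and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"shipco.example"}  # assumption: domains you expect mail from
# Constructed sample message (not real traffic).
SAMPLE = '''From: "accounts@shipco.example" <accounts@shipc0.example>
Content-Type: text/html

<p><a href="http://portal.pay-check.example/i">https://shipco.example/invoices</a></p>
'''

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def check_message(raw):
    msg, findings = message_from_string(raw), []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Tip 1: the display name shows one address, the real sender is another.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and shown.group().lower() != addr.lower():
        findings.append("display-name-mismatch")
    # Tip 1: the sender domain resembles, but is not, a trusted domain.
    if domain not in TRUSTED_DOMAINS and any(
            difflib.SequenceMatcher(None, domain, d).ratio() >= 0.85 for d in TRUSTED_DOMAINS):
        findings.append("lookalike-domain")
    # Tip 2: the link text shows one host, the href goes to another.
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        if text.lower().startswith("http") and urlparse(text).hostname != urlparse(href).hostname:
            findings.append("link-mismatch")
    return findings
```

Calling `check_message(SAMPLE)` returns all three findings for the constructed message; a similarity score only catches near-identical spellings, so treat a clean result as one signal and not as proof that a message is genuine.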
GTMaritime have heavily invested in solutions to help protect you and your vessels from unwanted content ever reaching onboard. Do not let this lower your guard: attackers are persistent and will always try to be one step ahead and find new ways to work around them.
At GTMaritime we offer our GTMailPlus customers the chance to take a free phishing penetration test to test the awareness of users. Reach out to your account manager for more information.
About the author
Hello, my name is Rob Preston, I’m a Technical Sales Engineer at GTMaritime and subject matter expert in multiple product streams.
My career in technology started with the British Army Reserves where I trained as a technician repairing faulty communication equipment, this provided me the foundations in RF communications. I then moved on to work for a Sony Repair center diagnosing and repairing faulty hardware and finally ended up at GTMaritime where I have been serving the maritime industry for the past 9 years. My experience at GTMaritime began in a technical support capacity which allowed me to gain a deep understanding into the varied technologies used and the customer behaviours. That understanding of the customer pain point led me into a Pre-Sales capacity where I currently act as a conduit between the sales and product teams translating my understanding of the problems and recommending appropriate solutions and development initiatives.
My experience has provided me with knowledge across multiple areas, ranging from server infrastructure, satcoms, data communication optimisation solutions, to cyber security solutions. Through this blog I, and my colleagues, will draw upon experience to help you stay protected from cyber criminals.