Email phishing attacks are still netting hackers billions each year. However, as security awareness training becomes commonplace among organizations, users are getting better at identifying targeted spear-phishing attacks before they take the bait. Many users are exercising a healthy suspicion of unusual sender addresses, and urgent requests so hackers are shifting their techniques to maximize their chances of exploiting users for valuable data.
Recently, McAffee published details on a growing phishing threat that leveraged both email and voice technologies. Legitimate looking Microsoft emails were sent to mid and high-level managers notifying them of a new voicemail. They were then prompted to log in to a phishing site in disguise in order to hear the message. As the message loaded, a brief audio clip of the voicemail began to play. By including an audio snippet, hackers were hoping to incite urgency and further legitimize the attack.
This incident speaks to a growing trend among social engineering attacks; hackers are incorporating multiple modalities and delivery methods to throw users off and trick them into handing over the goods.#Smishing and #vishing attacks are on the rise as #cybercriminals look for new ways to dupe users. Multi-vector #phishing simulations are helpful, especially when used together. #spearphishing #emailsecurityClick To Tweet
Smishing and vishing attacks are on the rise as cybercriminals look for new ways to dupe users. Smishing refers to SMS text attacks that can arrive on its own or be part of a dual-vector attack (think an email asking a user to reset their password, followed by a text). Major clues that employees are trained to look for aren’t available for SMS texts; no sender address, no ability to hover over the link, no signature- which makes them trickier to discern.
Vishing is a voice phish, where hackers leverage automated voice calls to bait users into giving over sensitive data. Vishing attacks often include some level of scare-tactic, “your son is in jail”, “your social security number has been compromised”, “you’re under investigation from the IRS” are all popular approaches that leave recipients hurrying to deliver the information requested.
User awareness training is critical for enabling users to avoid being the victim of these attacks. Multi-vector phishing simulations are particularly useful – especially when used together. Organizations should leverage a security awareness training solution like PhishLine that provides simulations for email, SMS text, and automated voice across all email platforms. When coupled with advanced technical controls, multi-vector testing provides an effective solution for thwarting sophisticated phishing attacks.
Learn more about how PhishLine can help train your users to identify threats that arrive through email, text and voice calls.Only PhishLine helps you guard against a range of threats with patented, highly-variable attack simulations for multiple vectors, including #phishing, #smishing, #vishing, and found physical media. #emailsecurityClick To Tweet