mail inbox on iPhone

What Does Phishing Mean and How to Prevent It

All

What does phishing mean exactly? This is a popular question, one asked by hundreds if not thousands of individuals at all levels of an organization – from entry level positions all the way up to business owners.

The popularity of this query comes down to two factors:

  1. How flexible this type of attack is
  2. How common this type of attack is

By flexible, we’re referring to how phishing can affect anyone within a single organization, as long as that person has an active email address.

In 2021 alone, around 25% of all data breaches involved phishing, according to Verizon, which is quite a lot when you consider how potent malware attacks, password attacks, and SQL injection attacks are, generally.

In this post we will provide the answers to ‘what does phishing mean?’ Not only that, we’ll also be looking at the many ways to prevent a phishing attack.

Let’s start by strengthening your understanding of what phishing is and how it affects everyone.

What Does Phishing Mean?

Phishing is a type of fraud where a nefarious individual (known as ‘phishers’) pretends to be a reputable figure or person in an email, with the intention of infiltrating your organization digitally.

Should they get in, attackers will then perform a variety of acts, such as extract log in credentials from employees, steal account information from customers, or one of many other mischievous acts that damage your company from within.

Phishing is similar to vishing in that aspect, only vishing is more telecommunications based, whereas phishing is more to do with emails being weaponized by hackers instead.

Why is Phishing So Common?

Phishing is so effective because of how simple it is to trick someone into clicking a malicious link in a seemingly legitimate fashion, instead of having to break through a computer’s defenses in other ways.

In that regard, phishing is a hell of a lot cheaper for a hacker to execute than other cyber attacks, and can also be performed wherever, as long as the individual has access to the internet.

Plus, it’s not that difficult to create a fake email account that can then be used to trick others into a false sense of security.

It’s also not that difficult to use sources of information to gather background information about the victim’s personal and work history – alongside various other pieces of information, which is why you should always operate with a level of care when sharing content online.

Check out our blog on why you need to think like a cyber threat actor for more information on why thinking like a hacker could save your company a lot of hassle.

404 page displayed on MacBook

How Does Phishing Work?

Phishers typically begin by gathering as much information as they can about the victim, through platforms such as LinkedIn, Facebook, and Instagram.

From there they will create a dummy email address that is nearly identical to one that you might already have in your list of contacts. This is how this might look, for reference:

  • Legitimate Email Address: johnsmith96@gmail.com
  • Fake Email Address: j0hnsmith96gmail.com

One slight change to a single character in an email address can make a massive difference, which is why every employee should always remain vigilant when interacting with any email that comes from one of these accounts.

We should point out that your default email browser will often detect spam and phishing emails, however, that isn’t always the case.

The emails that these accounts send might look slightly off in terms of the content found within – the same applies to the subject of the email in question.

Most emails they send will have a link attached, with copy encouraging you to click the link. Under no circumstances should you interact with this link.

The link almost certainly contains malware, or will take you to a website that tricks victims into downloading malware onto their network or system.

Types of Phishing Attacks

There is more than one way to phish, as proven by the various other types of attacks that you need to be aware of if you’re to keep your organization’s online safety net as strong as possible.

Below you’ll find every known variation of phishing (which we’ll continue to update if new methods should hackers develop other ways of infiltrating your organization in this manner).

Spear Phishing Attacks

Spear phishing attacks are usually directed at specific individuals or companies, meaning hackers will cast a much smaller net in hope of carrying out their actions.

These attacks are a lot more personal in nature in that they will often reference co-workers, and even family members, to come across as legitimate and non-hostile. They might also take things a step further and mention your location and any other personal information.

Whaling Attacks

What’s bigger than a phish? A whale of course. Whaling attacks are a type of spear phishing attack only hackers will target senior members of staff directly.

Whaling attacks are almost always motivated by financial gain, and will almost always construct emails that are near identical to those sent by legitimate contacts. Hackers that perform whaling attacks tend to be a lot more effective at what they do, mostly because of that big money element.

Clone Phishing Attacks

Clone phishing attacks are very sneaky, perhaps more sneaky than some of the others mentioned above and below.

This type of attack uses previously delivered but legitimate emails that contain either a link or attachment. Essentially, hackers make a copy of that email and then swap out all the safe links for malicious ones.

This type of phishing attack is often used by attackers that have taken control over another victim’s system and are masquerading as if they are legitimate.

Pharming Attacks

This type of phishing attack uses a DNS cache poisoning technique to redirect users from a legitimate website to a fraudulent one in an attempt to trick users into logging in and handing over their login credentials.

man sitting in front of 3 monitors

Notable Phishing Techniques

There is more than one phishing technique to keep track of if you’re looking to stay ahead of phishers. In this section we’re going to be looking at the various different ways that a hacker can trap their victims.

  • Link Manipulation: Otherwise known as URL hiding, this type of method is where a malicious URL is displayed to look legitimate, as if it were redirecting the user to a safe website.
  • JavaScript Masking: Code is used to mask a legitimate URL over a browser’s address bar, thus tricking users into clicking on it thinking it’s alright to do so without worry.
  • Homograph Spoofing:Characters are manipulated to read as if they were from a legitimate domain. For example, hackers might register domain names that are nearly identical to actual websites.
  • Link Shortening: Providers like Bitly make it very easy for hackers to take malicious URLs and make them look legitimate.
  • Open Redirect: The final phishing attack technique we want to draw your attention to is where an open redirect vulnerability fails to check if a redirected URL is pointed to a trustworthy source.

Phishing Email Prevention

Other than ‘what does phishing mean,’ the question ‘how can I prevent phishing emails’ is often asked as a follow-up. Unfortunately, there’s not a lot you can do to prevent these types of emails being sent to your inbox.

That said, the majority of these emails should filter into your spam folder routinely.

Some phishing emails will still slip this net and find their way into your main inbox, but that’s not to say that you can’t identify what they are/what the aim of the email is almost instantly.

You see, some hackers aren’t as bright as you might think, often speaking in a strange manner and being very pushy about needing to interact with whatever they’ve embedded into the email – be it a link or a download.

Here a full list of clues that should help with phishing email prevention:

  • Misspelled URLs, names, or words is usually a sign that a phisher is involved
  • The sender uses Gmail and not a corporate email address to contact you
  • Message is poorly written and has no signature at the bottom
  • The message is written with a sense of urgency, using pushy language
  • Sensitive information is asked for, such as passwords or financial details

Other than running a common sense check, there are many other ways to help prevent phishing messages from reaching end users. We’d recommend you look into the following when straightening your cybersecurity posture:

  • Setup antivirus software
  • Make sure both desktop and firewalls are active
  • Install antispy software and keep updated
  • Ensure you have a gateway email filter
  • Utilize phishing filters where applicable
  • Train all staff on general phishing prevention

padlock and keyboard keys

How TLR Can Help Prevent Phishing Attacks

As a cybersecurity provider with years of experience, having helped countless organizations stay cyber offensive, we are no stranger to phishing, and have geared our services/help around such attacks.

From incident response, to training, to even letting us support you through our managed security solutions, we offer everything you need to keep phishers at bay.

Training is an important one when it comes to phishing attacks because, as explained, everyone within your organization can be a victim of this type of cyber attack.

Be sure to check out some of the service pages on our website for additional information. Alternatively, you could get in touch with us directly, where we can then answer any questions you might have relating to what we can do for you.

What Does Phishing Mean and How to Prevent It

You might have had a rough idea of what phishing meant before coming across this post. After reading, we hope that your understanding of this cyber attack is a lot stronger.

We also hope that we’ve given you enough information to help identify and deal with phishers quickly and without worry.

Do keep in mind that you’re always going to receive phishing emails in your inbox (you more than likely have a bunch of them swimming around in there already), but it’s how you react that matters.

This is why we would emphasize the importance of training both yourself and others within your team, as not everyone will understand that.

Again, TLR is on hand if you’d like us to take care of that for you, alongside strengthening other areas of your cybersecurity, as we do best!

Become cyber resilient

Get in touch today to see how we can make you more cyber resilient. Empowering you to lead from the front.

Get in touch
Written by

Dave Roberts

Related blogs

Stay up to date with in the latest security news and trends

View more
Microsoft MFA sign-in

Technology Solutions

Multi-Factor Authentication Examples: Your Complete Guide

Understanding the definition of multi-factor authentication is one thing, but knowing different types of multi-factor authentication examples is another. This information allows you to understand the different ways in which cybercriminals can steal your data and how you can start protecting yourself online. As well as providing some examples, we’ll also be diving into the…

Read more
robot machine

All

What Is Artificial Intelligence and How Does it Affect Cyber Security?

As cyber security expands, more and more companies are asking themselves “what is artificial intelligence and should we be using it?” Ultimately, AI can benefit both smaller and larger organisations by improving cyber security measures, as well as improving day-to-day operations and processes. However, if AI machines fall into the wrong hand,s it’s possible that…

Read more
Wifi symbol on wall

All

Rogue Access Points: What to Look Out For

Whether your company works in-person or remotely, it’s important to be aware of the threats posed by company devices connecting to a rogue access point. Simply connecting to the wrong WIFI network on a company device can allow hackers to infiltrate a network and conduct a cyber attack. A rogue access point can be implemented…

Read more