Phishing remains the primary cybersecurity threat to businesses and individuals using networked devices. It serves as a gateway for criminal enterprises, exploiting techniques often used by legitimate applications, which complicates detection. To combat this, implementing an anti-phishing strategy is crucial. This simple measure significantly reduces the risk of successful phishing attacks. Integrating anti-phishing guidelines into your organization’s policies and procedures is an effective defense strategy. This handbook outlines common phishing tactics, offers best practices for prevention, and provides guidance on crafting response plans for when attacks occur.
Phishing attacks typically involve imposters posing as legitimate entities via electronic communications, such as emails, texts, or instant messages. Their aim is to deceive users into divulging sensitive information or installing malware. Phishing can be categorized into several types, each with distinct goals and techniques.
Phishing Types and Techniques
Phishing attacks share a couple of common traits. They involve attackers disguising themselves as legitimate entities within electronic communications (usually emails, although phishing attacks can also be carried out through text messages or instant messages, for example). The attacks have the goal of tricking end users into giving away sensitive information or installing malware on their systems.
However, phishing attacks can be broken down into many distinct categories. Each category is defined by different attack goals and/or techniques.
The most common types of phishing attacks today (updated 7/11/2024) include:
- Group phishing: Targets large groups with the same message, such as all employees within an organization. It is the most basic and least sophisticated form.
- Spear-phishing: Focuses on specific individuals or organizations, often using personalized information to appear more credible.
- Whaling: Targets high-level executives with more tailored and strategic messaging.
- Clone phishing: Mimics a legitimate message the recipient has previously received, such as a shipment tracking email, to launch a deceptive attack.
- Smishing (SMS Phishing): Involves sending fraudulent SMS messages that prompt recipients to provide sensitive data or click on malicious links.
- Pharming: Redirects users from legitimate websites to malicious ones by exploiting vulnerabilities in DNS (Domain Name System) servers or on the user’s device, making it a more technical and insidious form of phishing.
- Business Email Compromise (BEC): Targets companies by impersonating senior executives or trusted vendors. The attacker usually requests transfers of funds or sensitive data.
- Angler Phishing: Exploits social media platforms where attackers masquerade as customer service accounts to intercept customers attempting to contact legitimate service accounts.
- Search Engine Phishing: Involves setting up fake websites that appear through search engine results. Once the user engages with these sites, they may be tricked into entering personal information.
- Evil Twin Phishing: Creates a fraudulent Wi-Fi network that appears legitimate. Once connected, attackers can monitor the victim’s online activity and steal sensitive information.
- Pop-up Phishing: Uses fraudulent pop-up windows during legitimate browsing sessions to deceive users into entering personal information.
Understanding these types helps organizations and individuals recognize and mitigate potential threats more effectively.
Password Policy and Secure Backup Are Critical
Good password posture and secure backup hygiene are two important components. The third pillar of not getting phished is clean, routine updates, and the fourth pillar is regular, routine audits.
TSI Password Manager secures your new password records as they are entered into the internet browser on your computer. From there they are protected in transit by 2048-bit RSA keys, and at rest using over 300 different rounds of 256-bit symmetric encryption with six different randomly generated keys. Your unique encryption key (the organization key) is the final step in decrypting your data for viewing within the browser.
Security problem or need system support?
If you have:
- a security problem,
- a technology question,
- a configuration issue,
- a network intrusion or malware, or
- an item placed in quarantine,
call the Tekuser Service Desk at (336) 373-110(5).
ORGANIZATION KEY
Two of the encryption keys used are unique to each password record, and one of the encryption keys, called the organization key, is created and stored only on the server side. This encryption key is never stored or maintained anywhere except within the TSI Password Manager infrastructure.
PASSWORD AND PASSPHRASE TRANSMISSION
All inbound and outbound data communication traffic with the TSI Password Manager happens over TLS 1.2 using 2048-bit RSA keys to ensure the protection of your data in transit.
WEB APPLICATION FIREWALL PROXY
Unique encryption keys are retrieved from numerous sources for each password.