Gone Phishing: How to Prevent Sophisticated Attacks

A couple of years ago, I received a phishing email that told me my American bank account had been suspended and that I needed to log in and take corrective action. I knew this was a phishing scam because I live in Canada and don’t have an American account. However, other phishing attempts have proven to be craftier. Over the past few months, I have received several emails asking me to log in to my bank account to accept a special offer. These attempts continued when I failed to respond, with the cybercriminals upping the urgency. I now receive SMS text messages directly to my phone that say my account has been suspended and I need to click a link to resolve the issue.

How did the criminals zero in on my personal details to determine where I actually do my banking, let alone access my email and phone number? These are the types of sophisticated phishing attacks we are dealing with in present times. They are much more targeted and alarmingly personalized, exploiting my personal information and the products I use. The emails I received even had a Web address very similar to the legitimate URL my bank uses.

When I failed to respond to the phishing emails, the hackers upped the urgency and I now receive SMS text messages on my phone saying my TD account has been suspended and that I need to click a link to go resolve the issue.

The average consumer may not be able to tell whether this is a scam or a legitimate email from their financial institution; it is that well orchestrated. Now consider the average employee being targeted within your organization, since these types of phishing emails are often sent to work email accounts. All the cybercriminals need is a single click on any one of the countless emails they’ve sent to various employees. That click gives them entry to one endpoint within the network, from which they can compromise the entire infrastructure and infiltrate your data, causing millions in financial damages.

Spear Phishing Attacks

If you’ve ever watched the show “Survivor,” you have likely seen a contestant using a spear to target a single fish at a time in order to catch it. Spearfishing is a more targeted approach than the traditional fishing method of casting a huge net to catch as many fish as possible. In the cyber world, spear phishing attacks are growing in number and sophistication, targeting individuals and employees in various organizations to gain entry into the corporate network. The attackers use personal information such as name, job title and shopping preferences to craft a phishing email that unsuspecting victims will assume is legitimate. This information is becoming easier to obtain, since we willingly give it out to many online and social media platforms in order to get discounts on goods and connect with friends and colleagues.

Traditional prevention solutions cannot prevent all such attacks all the time. The question is no longer if you will be breached, but when.

Threat Protection System

A robust threat protection system can prevent, detect and respond to cyberthreats and help proactively prevent malware attacks even before signatures or patches are created, keeping you one step ahead of cybercriminals. A combination of services can give you real-time situational awareness, accelerated risk prioritization and incident response that can detect and respond to a cyberattack or data breach within minutes to shut down an attack before damage is caused.

Read the White Paper to learn more: Proactive Response to Today’s Advanced Persistent Threats

Rohan Ramesh

Product Marketing Manager

Rohan is the Product Marketing Manager for IBM BigFix, which is part of the IBM Security portfolio. He is responsible for the worldwide marketing strategy and execution of IBM BigFix. Rohan is experienced in marketing strategy, digital marketing, SEO, social media marketing, content strategy and enterprise level application development. He holds a Master’s degree in Business Administration and a Bachelor’s degree in Engineering with over 8 years of experience in the IT industry.