Mike Jennings, President of BEI gave a presentation on The Evolution of Phishing to the U.S. Senate staffers on Tuesday, August 20. Big thanks to the Office of the Sergeant at Arms, U.S. Senate for arranging the event.
We’re all targets for phishing, and you can imagine how attractive the Senate staffers would be! With this in mind, Mike briefly covered the various types of phishing, including Credential, Spear, Whaling and Business Email Compromise. Notably, he included examples and discussed how to spot each type and gave some background on what they are looking to exploit.
Mike then talked about the current trends in phishing:
- Software as a Service
- Attacks via SMS texting and messaging apps like Slack, Teams, Facebook Messenger, etc.
- More Interactive Business Email Compromise (BEC) Attacks
- Phishing inside of Shared Files
- Phishing Attacks using HTTPS websites
He closed with a list of tips to protect yourself and your organization:
- Obviously, hover your mouse over ALL links
- First, does the link look appropriate for where it claims to be sending you?
- Then, is the URL a mismatch for its purported destination?
- Finally, read carefully – “amazon.com” vs “arnazon.com”
- If you are skeptical, ask the sender if it is legitimate by another means
- When you receive a suspicious email, call the sender
- If you receive a suspicious text, email the sender
- In any event, DO NOT respond to the original message in the same mode
- Keep all computer operating systems and applications up-to-date with patches
- Run up-to-date antivirus software on your computer
- Implement email spam filtering and anti-malware scanning tools
- Use multifactor authentication
- Backup your data