One of the most serious issues in the field of digital forensics is the tendency of individuals to be tricked by phishing attacks at home or in the workplace.
Criminals have become much more sophisticated in their approach to phishing in the corporate world. Here are some facts every company should be aware of when planning and implementing security measures in the business environment.
Types of Phishing
Rather than simply trying to elicit personal information and financial details from employees, phishing has evolved to include a number of different activities, all with criminal intent:
- Traditional phishing efforts usually involve the use of an email designed to look like a legitimate communication from a financial institution or other trusted entity. These emails will be sent to many different individuals at once to maximize the chance of catching unsuspecting victims. Links included in the email, however, will typically lead to a fake website that will collect the login information for use in draining bank accounts or accessing other resources illegally.
- Spear phishing emails target a particular individual or individuals to obtain confidential or financial information. These individuals are typically chosen on the basis of their access to resources within their companies.
- Business email compromise is a type of spear phishing that targets individuals within a company. When the employee downloads malware included in the infected email, they inadvertently provide access to their email to the criminals who crafted the attack. By monitoring the activities and contacts of the targeted individual, these criminals can create an email requesting a wire transfer or other financial transaction that will appear normal to avoid advanced computer forensics. The money disbursed will end up in the criminal’s account.
- Whaling is a term used for spear phishing directed at the CEO, CFO or CIO of a company. It is intended to provide immediate access to a wide range of confidential and financial information by infecting the computers and networks used by these individuals. Because upper management has greater access, the rewards for criminals in hacking these individuals can be far greater than at lower levels on the corporate ladder.
Training employees and management to recognize the warning signs of phishing and how digital forensics work can be a solid step toward protecting confidential, proprietary and financial information in the business world. Working with a company that specializes in cyber security investigations and computer forensics can provide additional protection in the corporate world.
At Beyond I.T., our experts can deliver the right solutions for cyber security investigations, vehicle forensics, intellectual property theft and other issues that your company faces on a regular basis. We work with you to help you address gaps in your cyber security perimeter. Call us today at 713-586-1846 to request a consultation with us. Our team of digital forensics experts will be happy to work with you.