April 9, 2015 By Rohan Ramesh 3 min read

A couple of years ago, I received a phishing email that told me my American bank account had been suspended and that I needed to log in and take corrective action. I knew this was a phishing scam because I live in Canada and don’t have an American account. However, other phishing attempts have proven to be craftier. Over the past few months, I have received several emails asking me to log in to my bank account to accept a special offer. These attempts continued when I failed to respond, with the cybercriminals upping the urgency. I now receive SMS text messages directly to my phone that say my account has been suspended and I need to click a link to resolve the issue.

How did the criminals zero in on my personal details to determine where I actually do my banking, let alone access my email and phone number? These are the types of sophisticated phishing attacks we are dealing with in present times. They are much more targeted and alarmingly personalized, exploiting my personal information and the products I use. The emails I received even had a Web address very similar to the legitimate URL my bank uses.

The average consumer may not be aware of whether this is a scam or a legitimate email from their financial institution — it is that well-orchestrated. Now, consider the average employee being targeted within your organization, since these types of phishing emails are often sent to work email accounts. All the cybercriminals need is a single click from any of the countless emails they’ve sent to various employees in order to gain entry to one endpoint within the network to compromise the entire infrastructure and infiltrate your data, causing millions in financial damages. Take a look at this hypothetical scenario in the form of a mini feature film to see how such an attack can play out:


Spear Phishing Attacks

If you’ve ever watched the show “Survivor,” you have likely seen a contestant using a spear to target a single fish at a time in order to catch it. Spearfishing is a more targeted approach when compared to the traditional fishing method of casting a huge net to catch as many fish as possible. In the cyber world, spear phishing attacks are growing in number and are getting more sophisticated in nature, targeting individuals and employees in various organizations to gain entry into the corporate network. They use personal information such as name, job title and shopping preferences to craft the perfect phishing email unsuspecting victims will assume is legitimate. This information is becoming easier to obtain, since we give out our information willingly to many online and social mediums in order to get discounts on goods and connect with friends and colleagues.

Traditional prevention solutions cannot prevent all such attacks all the time. The question is no longer if you will be breached, but when.

Threat Protection System

A robust threat protection system can prevent, detect and respond to cyberthreats and help proactively prevent malware attacks even before signatures or patches are created, keeping you one step ahead of cybercriminals. A combination of services can give you real-time situational awareness, accelerated risk prioritization and incident response that can detect and respond to a cyberattack or data breach within minutes to shut down an attack before damage is caused.

Read the White Paper to learn more: Proactive Response to Today’s Advanced Persistent Threats

More from Endpoint

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today