KNOW YOUR PHISH

How to Identify and Avoid Them

Click Each Phish to Learn More!

Phishing-Anglerfish-Updated min

How to Identify and Avoid Them

Click Each Phish to Learn More!

This campaign aims to empower people to learn more about PHISHING. ​

 

Together, let’s prevent these invasive attacks from wreaking havoc on our companies, businesses, and personal lives!​

 

Being aware that these phishing schemes are as real as some of the incredible sea creatures in our ocean is the first step towards a safer and more secure digital health.

THE ANGLERFISH

​In the murky depths of the ocean, the lure of the anglerfish grows blindingly bright. It’s waiting to attract and devour a clueless little prey!​

 

Angler Phishing, also known as “social media phishing,” uses the same tactic too!

ATTACK VECTOR:

Cyberattackers either create a fake social media account of a particular bank or pose as a friend of the target. Their eye-catching messages will pop up in the target’s notifications or direct messages. Afterwards, the user can easily be tricked into clicking the link.

THE STONEFISH

The stonefish surely is a clever one! It camouflages to look like its surrounding encrusted rocks and corals. It patiently waits for its prey, then strikes and unleashes its venom!​ ​

 

In the same way, Clone Phishing creates an almost exact replica of an official email, but it contains a whole world of trouble!

ATTACK VECTOR:

In this scenario, after receiving a legitimate email, another email follows soon after. The second email claims to be a re-send. However, when you take a closer look at it, the links and attachments have been replaced.​ ​

 

The cybercriminal lies in wait for an unsuspecting victim. Once someone falls for the scheme, his or her list of contacts will be breached, and the malicious cloned email will then be forwarded to bait the next victim.

THE WHALE

Did you know? An average human is about 1000 times smaller than that of a whale!​ ​

 

And that’s why Whale Phishing was named after the largest marine creature on Earth due to the size and gravity of these cyberattacks.

ATTACK VECTOR:

Cybercriminals target executives or people with senior ranks within a company. After posing as the CEO, for example, and coming up with a similar email address, they can produce an email that requests the receiver, specifically their employee, to make transactions involving large amounts of funds!

THE PUFFER FISH

Pufferfish might seem small at first glance, but don’t let that fool you! When confronted by another fish, it would grow several times its normal size. Most species of pufferfish are poisonous and can even cause death in humans!​ ​

 

Similarly, the threat of Email Phishing cannot be downplayed because of its misleading and malicious nature.

ATTACK VECTOR:

Cyberattackers impersonate a well-known company. Then, they craft emails with a tone of urgency that calls for the receiver’s immediate action.​ ​

 

They tempt people to click a link that leads to a fake log-in page in which you fill up with your personal details and bank account information. They could also lure people to download a file that, when opened, turns out to be malware!

THE SPEARFISH

The long and pointy bill of the spearfish is not just for show! This creature takes advantage of its weapon-like bill to catch its prey.​ ​

 

Spear Phishing similarly uses a more targeted approach in emails that’s out to get you!

ATTACK VECTOR:

Cyberattackers exploit open-source intelligence (OSINT) or what is shared publicly on social media or a company’s website and extract information such as names of employees, job functions, and work numbers.​ ​

 

With these in their arsenal, they target specific people within the organization by sending emails that sound like they were from the same organization. The receiver then takes the bait and does the action.

Phishing is the umbrella term for cyberattacks that use social engineering tactics to make a person do an action that is against his or her best interests.

 

Cybercriminals phish by carrying out generic to specific schemes in order to collect your passwordscredit card information, other personal information, and anything else they can get!

 

Understanding the nature of these phishing attacks will help you know how to protect yourself and your data effectively. Let’s compare it to some of the most fascinating yet deceptive fish in our ocean!​ ​

HOW TO AVOID?

● Control the information you publicly share online. Have you seen viral posts on social media asking: what was the name of your first pet? Who was your first-grade teacher? Think twice before you comment on your answers. Phishing scammers might already be unlocking the security questions on your accounts!

 

● Watch out for links or pop-ups that incite your curiosity and fear!​ – Guard yourself against these attacks with Web Filtering Solutions. These can powerfully sort billions of web pages into various categories that you can allow or block.

HOW TO AVOID?

● Double-check the source of the email especially when there are suspicious elements.

 

● Be prepared for the worst by using Web Filtering Solutions. These can sort billions of web pages into various categories that you can allow or block.

HOW TO AVOID?

● Encountered a request out of the blue that involves transferring money to another account? Verify with the sender first through other trusted means of communication.

 

● Be a step ahead of the cyber attackers by applying Endpoint Detection and Response or EDR Solutions. These can be customized to automatically detect threats and respond to them by removing or containing them.

HOW TO AVOID?

● Be cautious about messages that demand urgent action.​

 

● Check for misspellings, grammatical errors, and wrong domains on links. Hover above the link, if possible, to see if it reveals a different domain.

● Beef up your first line of defense with a Secure Email Gateway. This can effectively protect you from phishing attacks with its advanced techniques in detecting and disarming threats in your emails.

HOW TO AVOID?

● Be on guard and encourage others in your company to be aware of these targeted attacks.

 

● Make the most out of Two-Factor Authentication Solutions. Aside from your password, you can doubly secure your accounts by applying other ways of authentication through other devices like your mobile phone or laptop.