Phishing is a form of online fraud in which the fraudster deceives a victim by means of official-looking e-mails and/or websites that usually "angle" for login data or payment card data. An interesting fact is that the term phishing is a blend of fishing (angling) and phreak (phone + freak: a hacker of telephone exchanges).
The following types of phishing also affect SMEs:
In the case of bank phishing, a fraudulent sender tries to trick you into sharing your personal, financial or security information, such as bank account numbers, card numbers and PIN codes. By copying the logos and layout of genuine e-mails and using compelling language and/or deadlines, fraudsters try to convince you to download an attachment or click on a link. The attachments often contain malware, while the links often lead to a fraudulent copy of an official website (e.g. e-banking). In both cases, the fraudster's aim is to steal your login data.
In the case of Business Email Compromise (BEC), also known as CEO fraud, an employee who is authorised to make payments is misled into paying a counterfeit invoice. Alternatively, an e-mail purporting to come from the CEO asks you to transfer funds from the business account to an account controlled by the fraudster.
In the case of invoice fraud, someone pretends to be your supplier, service provider or creditor and either sends a counterfeit invoice or asks for the bank details of a known beneficiary to be changed, so that payments for future invoices arrive in the fraudster's account.
In the case of smishing (SMS + phishing), fraudsters send you a text message with a link to a fake website. In the case of vishing (voice + phishing), they go as far as calling you in an attempt to obtain personal, financial or security data, or to get you to transfer money to them.
The above examples show once again that the human link remains a worthwhile target for cyber criminals. Security awareness training (resilience training) for all employees, including management, remains important, but it needs a remake that makes it more engaging and clearer than the old greyscale PowerPoint presentations.
For resilience training including phishing testing, further information, or other questions about phishing or cybersecurity in general, you can always contact Vandelanotte Security & Privacy via firstname.lastname@example.org. We will discuss your questions or concerns with you and propose a personalised range of services.
We base our advice on current legislation, interpretations and legal doctrine. This does not prevent the administration from being able to challenge it or to change existing interpretations.