The Phishing Adventures of Huck Phinn, Reeling In the Damage
Chapter 5 In the previous chapter, we left Huck with no idea he had given a phishing scammer access to his employee network credentials. But beneath...
24/7/365 Monitoring & Alerting
Compromise Assessments
Threat Hunting
Vulnerability Management
CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR®/RMF Pro)
ATO/RMF Support
If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.
Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.
At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.
2 min read
Cyrus Robinson : Feb 24, 2021 12:00:00 AM
Chances are you know about the dangers of clicking on fake emails so you carefully scroll through your inbox to delete them. You are especially vigilant before opening any email on business accounts, but no matter how many suspicious emails you spot, they keep coming.
Our “How to Spot a Phish” checklist can help you identify phishing emails and provides advice on what to do with them. |
The damage caused by email security breaches is staggering. The FBI says that Business Email Compromise resulted in more than $1.7 billion USD in losses for businesses in 2019; one primary method that attackers use to break in and harvest credentials is phishing. A Verizon 2020 Data Breach Investigation report found 32% of all breaches involve phishing.
Phishing emails generally fall into a few different categories:
Despite all efforts to stop these attacks, there are still plenty of phish in the sea, and this tactic requires minimal effort for a potentially large pay-off. What motivates Phishing attackers? Here are a few of the more common ways bad actors can use harvested credentials:
In the next chapters of this blog series, we will share real phishing email examples dissected by Ingalls Information Security on behalf of clients. We’ve changed their names but kept all the details real
Even if you think you’re skilled at spotting a phish when you see one, we hope you can pick up a few more tips and even share this knowledge with others.
In the meantime, take another look at your inbox. If you see something suspicious, use our “How to Spot a Phish” checklist to help you decide if it’s a phishing email and what to do with it.
...to be continued.
Ingalls helps businesses large and small manage security risks and defend against cyberattacks. If you’d like to learn more please contact us here. One of our cybersecurity experts will be more than happy to assist you and answer any questions you may have.
About the AuthorCyrus Robinson, CISSP, MCSE, MCITP, CEH, CHFI, Sec+
Mr. Robinson is a skilled Information Security professional with experience working with diversified technologies and environments. Mr. Robinson’s professional IT career began as an electronic forensics engineer as an active duty Airman with primary responsibilities with testing and evaluating digital forensic software, policies, and procedures. In this capacity, he worked alongside federal investigators and various DoD, CIA, FBI, NSA, and NIST employees. Following his active duty role with the USAF, Mr. Robinson went on to work in change management and system administration as a DoD Contractor. Mr. Robinson also has extensive experience in the roles of Information Security Officer and IT Director for a large medical group which contribute to his knowledge with security risk assessments, HIPAA compliance, and drafting and implementing corporate IT security and business continuity policies. Mr. Robinson holds various industry standard certifications and a Masters of Science in Information Security and Assurance.
|
Chapter 5 In the previous chapter, we left Huck with no idea he had given a phishing scammer access to his employee network credentials. But beneath...
Chapter 3 In the previous chapter, Huck Phinn, who works for an environmental group, narrowly escaped a phishing email trap by recognizing red flags....
1 min read
In September 2021, multiple security research teams observed and reported email reply-chain attacks that distributed new SquirrelWaffle Loader and...