Get Started Today!  (415) 295-4898

croom new

415 IT Blog

A Field Guide to Phishing Attacks

A Field Guide to Phishing Attacks

Despite the name being mildly amusing, phishing attacks are no laughing matter. These scams, in all their different forms, wreak havoc on businesses—ranking as the top breach threat in the 2020 edition of Verizon’s annual Data Breach Investigations Report, and successfully impacting 65 percent of United States organizations in 2019 as reported by Proofpoint’s 2020 State of the Phish Report. Avoiding them requires you to be able to spot them, so let’s go over the different varieties of phishing that can be encountered.


Of course, before we begin, it is important that we establish what a phishing attack looks like at its essence, as all forms of phishing share a few of these same traits.

In a phishing attack, a target is sent a message that appears to come from a trustworthy contact to manipulate the target’s response. For example, one of your employees may receive an email that looks like it came from a prospect, a client, or vendor… presumably one that they should open. However, rather than opening the message to a legitimate communication, the email would either deliver malware via a download or send the recipient to a malicious website.

Due to this simple basis, phishing can be used as the foundation to various scams, delivered in different ways and relying on different tactics to take advantage of different targets.

Business Email Compromise

In a business email compromise attack, an attacker will pose as an authority figure or resource to coax users into transferring money into an account under the attacker’s control. By writing this email to suggest urgency, the attacker can effectively scare their target into acting without thinking.

These phishing attacks have the potential to be quite lucrative, with the average request in Q2 2020 totaling $80,183.

Clone Phishing

Some attackers play copycat with their phishing messages, duplicating a legitimate email that their target would likely have encountered before. In doing so, they make their attack appear more convincing and thereby more likely to fool their intended victim. The lone difference—the included link is switched out for one that directs the target to a spoofed website, with a disclaimer explaining why resending the email was “necessary.”


Not all phishing attacks are distributed through email. Nowadays, smishing attacks—those dispersed via SMS—are another common enough tactic used. One of the main reasons that smishing is frequently successful is that people aren’t anticipating being phished through a text message. Text messages are also far more often read and responded to as compared to emails (98 percent read and 45 percent responded for texts, as compared to 20 percent read and 6 percent responded for emails).

On top of all that, mobile devices often don’t uphold the same security standards that a workstation will, leaving a user more vulnerable by default. 

Spear Phishing

Spear phishing is a phishing attack that goes the extra distance. Rather than targeting a user through a generic message, the cybercriminal will have done their due diligence and researched their intended victim. Because these attacks take more time and effort to execute, spear phishing is typically leveraged against higher-value targets. Due to how these attacks are crafted, spear phishing is also a tactic that features a higher level of success. These are even more dangerous for your users.


Vishing, or voice phishing, is a phishing attack conducted over the telephone. By calling up their target under the guise of a business or a financial institution, a scammer can extract credentials and other personally identifiable and sensitive data from their target.


As the name would suggest, whaling is a phishing attack that targets the biggest person in an organization: the boss. As the head honcho, it stands to reason that the business owner would have the most access to the business’ resources and data, enabling the cybercriminal to steal the greatest possible amount.

The CEO isn’t always the recipient of these types of attacks, either. Instead, other personnel will receive an email that looks like it is from the CEO or another high-ranking manager. The messaging in this looks casual and rushed, usually requesting the employee to send money or log in somewhere, or send credentials back. We’ve seen a lot of these going around the last few months, and it’s very important that your staff is looking out for this.

With the amount of background information that these attacks require to be pulled off, it isn’t uncommon for an attacker to do some research through social engineering and reviewing publicly accessible information to make their story more believable.

Phishing is a Serious Threat

While phishing can be largely avoided with the proper diligence, your team will need to know what they are looking for to stop it effectively. 415 IT can help. Find out what we can do to help keep your business secure by calling (415) 295-4898.

Tip of the Week: Sign a PDF in Windows
Social Media Is A Tool For Any Sized Business


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Tuesday, January 19 2021

Captcha Image

By accepting you will be accessing a service provided by a third-party external to

Mobile? Grab this Article

QR Code

Tag Cloud

Security Tip of the Week Technology Productivity Business Computing Best Practices Data IT Support Data Backup Network Security Privacy Hosted Solutions Cloud IT Services Software Efficiency Data Recovery Internet Email Managed IT Services Business Mobile Device Phishing Small Business Malware Google Collaboration Innovation User Tips Outsourced IT Cybersecurity Hackers Cloud Computing Business Management Tech Term Upgrade Smartphone Hardware Microsoft Mobile Devices Android Computer Managed Service Communication Workplace Tips Business Continuity Windows 10 Covid-19 VoIp Smartphones Quick Tips Backup Ransomware Disaster Recovery Managed Service Provider Paperless Office Encryption Communications Remote Work Network Passwords Data Management Browser Server Users Office 365 Wi-Fi Business Technology Saving Money Help Desk Remote Monitoring Managed IT BDR Artificial Intelligence Social Media Internet of Things Windows 7 Save Money Healthcare Compliance Holiday Vulnerability Government Document Management Managed IT services Applications Blockchain Microsoft Office Windows Data Security Chrome Miscellaneous Laptops Facebook Scam Automation Tip of the week Mobile Office Health Office Vendor Management Employer-Employee Relationship Virtualization Gadgets Avoiding Downtime Remote Processor Antivirus Project Management Wireless Analytics Two-factor Authentication Redundancy Bandwidth Information Meetings Training Mobility Machine Learning OneDrive Managed Services Files Access Control Virtual Private Network Infrastructure Software as a Service Net Neutrality Website IT Management Company Culture Employee-Employer Relationship Customer Relationship Management IoT Regulations Data Loss Apps Hard Drive Maintenance VPN RMM Router Storage Proactive Information Technology Networking BYOD Monitoring Search The Internet of Things Professional Services Remote Computing Gmail Remote Worker Risk Management Remote Monitoring and Management Cooperation Financial Server Management Operating System Money Recycling Vendor Holidays Employees Electronic Health Records Co-Managed IT Tablet Consulting Downtime Assessment Word Instant Messaging Patch Management Data Breach Internet Exlporer Dark Web Augmented Reality Password Network Management Smart Technology WiFi Computing Managed Services Provider Consultation Remote Workers Management File Sharing Alert File Management Time Management Spam Mobile Security Data Storage Flexibility Payment Cards Unified Communications Display Bring Your Own Device Unified Threat Management HIPAA Utility Computing Social Network Servers Digitize Unified Threat Management Digital Payment Hotspot Screen Reader Electronic Medical Records Return on Investment CRM Identity Operations Options Telephone Proactive IT Modem High-Speed Internet OneNote Permission Managed IT Service Computers Shortcut G Suite Authorization Database Management Bluetooth Black Friday Tech Support Features Shared resources Going Green Recovery Windows Server 2008 Gifts Mobile VoIP Shadow IT Mouse Language Smart Tech Settings Personal Information Content Filtering Lenovo Mobile Politics 5G IT Consulting Development How To Test Virtual Assistant Bitcoin Samsung Break Fix Private Cloud Manufacturing Permissions Motherboard Chromebook WPA3 GDPR Outsource IT SharePoint Cyber Monday IT Technicians Staff Cost Management Procurement Batteries Hacker Wireless Internet Big Data Websites Outsourcing Mail Merge User Error Computing Infrastructure Connectivity Transportation Active Directory Superfish Microsoft Excel Cookies Cables Wasting Time Current Events Peripheral Migration eWaste Bookmarks ROI Smart Devices IT Google Calendar Fraud Vulnerabilities Fleet Tracking Zero-Day Threat Laptop Downloads Cyberattacks Social CIO applications Optimization Employer/Employee Relationships Apple SaaS Video Conferencing Address Alerts Mobile Device Management Windows Server Banking Managing Stress Customer Service Travel Nanotechnology Wires Database PCI DSS Chatbots Virtual Reality Favorites Hard Disk Drives Sensors Business Telephone Mobile Computing Asset Tracking Backup and Disaster Recovery Notes Touchscreen Hacking Remote Working Firewall Mirgation Read Only Security Cameras Virtual Machines Techology MSP Finance Proactive Maintenance Solid State Drive Biometric Comparison Wearable Technology Licensing Star Wars Point of Sale Tech Terms User Management Reviews Enterprise Content Management Technology Laws Technology Tips App Voice over Internet Protocol Projects Data Warehousing Identity Theft Enterprise Resource Planning Conferencing Solid State Drives Heating/Cooling IT Assessment Legislation Geography Human Error PowerPoint Trending Budget Emergency Multi-Factor Security Distributed Denial of Service Cache Printing Value of Managed Services Credit Cards Outlook Disaster Resistance Social Networking Authentication Cybercrime Cyber security Statistics Gamification Printer Specifications E-Commerce Theft Teamwork End of Support Marketing Regulation Twitter CES Education CEO Students Printers Daniel Stevens

Latest Blog

It isn’t often that you’ll hear a managed service provider say something like, “There’s no school like the old school.” In many ways, however, the basic principles of a solid business IT strategy haven’t changed all that much… despite the momentous changes that we’ve witness...

Latest News

We are proud to announce that 415 IT and our CEO, Daniel Stevens, were recently featured by CIO Applications. We discussed how and why we serve our clients, as well as some sneak peeks for our future. Read our interview by visiting:  https:...