New phishing attack tactic starts with a linkedin job offer from a fortune 500 company

Without a doubt, Phishing attacks are a very big problem on the Internet. Hackers use these types of strategies to steal passwords and thus compromise users’ privacy. Although we have more and more filters and knowledge to defend ourselves, cybercriminals are also perfecting their techniques. Cyber security awareness courses experts have discovered a new trick to do Phishing attacks.

A Phishing attack is basically an email or message that reaches us and contains a false link. By clicking we enter a web page that pretends to be legitimate or download a file that is actually malware. The attackers want us to log in and thus be able to steal the data.

But these types of emails are less and less successful. We are more prepared and we know that a strange email containing a link or a file can be a fraud. And that makes hackers look for new techniques to achieve success. That is why they are making more elaborate Phishing attacks and not just sending an e-mail.

So what do attackers do? They are using other social engineering attacks. For example one in which they indicate that they would like to have an interview with us because they have seen the profile on LinkedIn and are interested. Perhaps they contact us to be interested in something specific, give us information, etc.

This can be repeated 2 or 3 times. The goal is to gain trust. They do not seek to arouse suspicion in the victim. They simply wait for the moment to send the mail that is going to be the real Phishing attack. In that e-mail they may send something that is related to the previous ones, where it will have a false link or a file that is actually malware and they hope that the victim will download it.

Therefore, this preliminary work, which can last even days, makes the victim less afraid of opening an email that is going to be malicious. You are more likely to fall for it than if you just receive a random email.

What can we do to avoid being victims of this type of Phishing attack? According to cyber security awareness courses experts you should basically follow the same advice as for more traditional attacks. The first thing is to maintain common sense. You can always look at the email address that sends you that email and analyze if it contains something strange, see account information, ask the supposed company that sends the email, etc. It is always important to detect Phishing attacks.

It’s also a good idea to keep everything up to date. Many such attacks will take advantage of unpatched vulnerabilities. You must always have the latest versions of the operating system and not leave the equipment exposed to possible failures that can be exploited by a third party.

Also, having a good antivirus installed will also help. It is ideal in order to detect malware and be able to eliminate it before it carries out an attack against the system. It is a good idea to always take cyber security awareness courses in your company to detect these threats.