Understanding the Most Common Security Attacks: Phishing, Malware, and Social Engineering
Published on July 18, 2019

Cybersecurity is ever changing, so keeping up with the latest threats can be difficult. Phishing, malware, and social engineering are all security threats that you’ve probably heard of. It’s important to understand these common attacks, know how they can affect your business, and know how to prevent them.


Phishing, a type of social engineering, can be defined as any email designed to elicit a response from an end user. When you receive an email with a link or attachment from an unknown sender, it’s likely that it is a phishing email. By targeting end users, attackers frequently achieve their goal of gaining access to your technical environment. Once inside, they install software, steal usernames and passwords, and more. Phishing attacks can cause major issues for your business, so here’s how you can work to prevent them. Implementing advanced email security, which includes phishing and spoofing protection, URL protection, and malicious file inspection, can keep these malicious messages from reaching your end users. Implementing a user awareness training program, built around simulated phishing attacks and other forms of education, can also stop your users from clicking on malicious links and attachments.
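To make the gateway checks named above concrete (spoofing protection, URL protection, and malicious file inspection), here is an added example, not code from the original article or from CMA, that scans one raw email for three common phishing indicators: a Reply-To domain that differs from the visible From domain, an HTML link whose visible text names one site while its href points at another, and an attachment with an executable extension. The sample message it builds is constructed for the example; the domains, filenames, and the `registrable()` helper are assumptions, and a real gateway would use the public suffix list and far richer signals.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions a gateway's malicious-file inspection would normally quarantine.
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".bat", ".hta", ".iso")


def domain_of(addr: str) -> str:
    """Lowercase domain of an address like 'Name <user@host>' ('' if none)."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def registrable(host: str) -> str:
    """Crude 'last two labels' form of a hostname (an assumption for this
    example; a real gateway would consult the public suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def scan_message(raw: bytes) -> list:
    """Return the phishing indicators found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. Replies routed to a different domain than the visible sender.
    from_domain = domain_of(msg.get("From", ""))
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"reply-to-mismatch:{domain_of(reply_to)}")

    # 2. Link text that names one site while the href points at another.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = _LinkCollector()
        collector.feed(html_part.get_content())
        for href, text in collector.links:
            shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
            actual = (urlparse(href).hostname or "") if href else ""
            if shown and registrable(shown.group(0)) != registrable(actual):
                findings.append(f"link-text-mismatch:{shown.group(0)}->{actual}")

    # 3. Attachments with executable extensions, including double extensions.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky-attachment:{name}")
    return findings


def build_sample(reply_to=None, href="https://portal.example.com/",
                 filename="invoice.pdf") -> bytes:
    """Constructed sample message (not a real capture). The defaults give a
    clean message; the keyword arguments introduce the indicators above."""
    msg = EmailMessage()
    msg["From"] = "Accounts <billing@example.com>"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice attached"
    if reply_to:
        msg["Reply-To"] = reply_to
    msg.set_content("Please review the attached invoice.")
    msg.add_alternative(
        f'<p>View it at <a href="{href}">portal.example.com</a></p>',
        subtype="html")
    msg.add_attachment(b"not a real file", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print("clean:", scan_message(build_sample()))
    print("suspicious:", scan_message(build_sample(
        reply_to="billing@example-invoices.net",
        href="http://portal.example-invoices.net/login",
        filename="invoice.pdf.exe")))
```

Run it as a script: the clean message yields no findings, while the lookalike "invoice" message triggers all three indicators. Each indicator on its own is only a signal (legitimate mail sometimes sets a different Reply-To), which is why products combine several such checks with reputation data before quarantining a message.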


Malware, in the most basic terms, is any software that you don’t want in your environment, such as a virus or ransomware. The goal of malware is to get data from your company and make money from that data: its operators steal your data and send it out, or encrypt it and demand payment to decrypt it. Implementing advanced endpoint protection, web filtering, DNS security, and advanced firewall protection can help keep your business safe from malware.


We mentioned that phishing is a type of social engineering, but there are several types that you need to be aware of and protect against. Social engineering is any attack that targets the end user. The threat can come by email, such as blackmail and phishing, by phone call, or through physical attacks. One of your users might receive a phone call from someone claiming to be your ‘IT guy’ or from your help desk, asking for sensitive information in order to gain access to your environment. Because your end user trusts your help desk, they divulge the information to the attacker. Physical social engineering includes piggybacking and device leave-behind. Piggybacking is when an attacker gains access to a restricted area, such as your office, by closely following an authorized person through a door or checkpoint. Attackers might also leave USB devices carrying malicious software in your office parking lot; when a user plugs one into their computer, it becomes infected.

So, how do you protect yourself from social engineering threats? Have good internal policies, a strong organizational culture, and train your users. Your users probably aren’t aware of these types of threats, so it is your job to properly inform them. You should also make sure users do not post sensitive information on social media about their work or work-related travel. Attackers use information from social media to make an attack look legitimate, researching the target’s role in the organization and their business contacts, and learning when they are traveling.

There is always room for improvement when it comes to protecting your business from security threats, and CMA can help. Contact us today to see what our team can do for you!
