Phishing Attacks


What is a Phishing Scam?

Phishing attacks involve fraudulent communication, usually via email, appearing to come from a trusted source. The goal of these attacks is to steal sensitive data like credit card and login information and install malware on a victim's machine.

Why should you care? 

In some circumstances, attackers obtain a victim's credit card details, banking logins, or other personal data for financial gain. Other times, phishing emails are sent to obtain employee login information, and/or corporate administrator credentials for use in an advanced attack, targeted against a specific organization. Most corporate attacks start with phishing and lead to Advanced Persistent Threats (ATPs).

How can I protect against Phishing Attacks?

Providing education on Phishing Attacks in your workplace and remaining vigilant is the best way to protect your business. Unfortunately, no single Cyber Security solution can prevent phishing attacks. A resilient business must take a layered approach, utilising user education, email & web security, malware protection, user behaviour monitoring, and authentication & access controls.

Types of Phishing Attacks

Deceptive Phishing

Deceptive Phishing is the most common type of phishing. In this case, an attacker attempts to obtain confidential information. Attackers use this information to steal money or launch other attacks. A fake email from a bank asking you to click a link and verify your account details is an example of deceptive phishing.


Spear-Phishing targets specific individuals instead of a wide group of people. Attackers often research their victims on social media and other sites, allowing them to customise their communications and appear more authentic.


Impersonation tactics are often deployed in spear-phishing emails. They mimic a sender and/or domain, to impersonate executives, staff, business partners, and well-known internet brands, to fraudulently extract money or data. Spear-phishing is often the first step used to penetrate a company’s defenses and carry out a targeted attack.


When attackers go after a “big fish” like a CEO, it’s called Whaling. Attackers spend considerable time profiling their target to find an opportune moment and means of stealing login credentials. Whaling is of particular concern due to the scope and sensitivity of data able to be accessed by the target.


Similar to Deceptive Phishing, Pharming sends users to a fraudulent website that appears to be legitimate. Attackers can infect either the user’s computer or the website’s DNS server and redirect the user to a fake site even if the correct URL is typed in.

How can OAS Technology help?

Develop and deploy Behavioural Controls

The best way to protect yourself and your business is by developing and deploying Behavioural Controls. Behavioural Control refers to certain control factors in place by a business to build a robust, regimented, and educated workforce.

This could include, but is not limited to:

  • Only using approved software and hardware
  • Procuring goods and other services from trusted suppliers
  • Introducing policies, processes, and best practice procedures to avoid falling victim to Cyber Fraud
  • Using evaluation systems to measure how successful these processes and practices are
  • Leveraging our education and training to provide real-world examples, case studies, and practical hands-on exercises to ensure good Cyber Security is achieved

Develop and deploy Technical Controls

Technical Controls are the security controls of an IT system that are primarily implemented and executed through mechanisms contained in the hardware, software, or firmware components of a system.

OAS technology can help your business with a range of services to protect you from Cyber Crime. 

  • By partnering with the world-leader in Cyber Security, the OAS Cyber Security Suite provides a holistic system for your entire business
  • The OAS Email Security Platform provides advanced threat capabilities in addition to traditional email security features. The system analyses emails for malicious hyperlinks or attachments and blocks attacks.
  • Using Multifactor Authentication provides secure access to your applications and data by verifying the user’s identity using a second source of validation like a phone or token

If your business needs assistance with setting up a Cyber Security Strategy, chat with your Account Manager today. Contact us on 02 4940 1800 or email [email protected]

Continue Reading
close popup
Minder Status
Minder Minder Hosted Infrastructure
Minder Wide Area Networking
Minder Managed IT Support Services
Minder Virtual PABX
Minder IT Security Service
Minder Professional Services
cloud left cloud right