Phishing

What is phishing?

The word phishing is a homophone of the word fishing and describes a fraudulent attempt to obtain sensitive information, such as credit card details, usernames and passwords.


Phishing and malicious websites

Around 90% of cyber attacks are carried out via phishing emails or other text messages, which often contain malicious attachments or links to fake websites, or which trick the recipient into giving up sensitive information. Sometimes these websites have even been specially designed to look like a real site that the recipient knows and trusts. The only visible difference might be a slight misspelling of the web page's URL.


Urgent messages

The phishing technique has been used almost since the dawn of the internet. Those carrying out scams usually initiate communication with their prospective victims posing as a trusted entity, such as a bank, an internet service provider, an online store, an IT administrator, or anything in between.

These email messages might range from the proverbial carrot to the proverbial stick – either promising riches or threatening loss. They often imply a sense of urgency, letting the receiver know that they must act fast if they want to claim their prize or avoid damage.

Bulk phishing

Regular, “old fashioned” phishing attempts usually fall under the bulk email category, meaning that the criminals responsible cast a wide net hoping to catch even just one believer. Everybody gets the same email, and to most of the recipients it might be obvious that this is a phishing attempt. For a few of them, however, it is not.

There are several other, more targeted types of phishing attack. The most common of these are:

  • Spear Phishing
  • Whaling
  • Voice Phishing, aka Vishing

How to avoid phishing

Number 1: Provide security awareness training!

The best way to avoid cyber attacks in general is to be well informed. The more aware people are of the possibility of phishing, the less likely they are to fall for those emails. That’s where continuous cyber security awareness training and a strong security culture come into play.

People can be trained to recognise phishing and to deal with fraudulent emails. This security message needs to be kept top-of-mind for everyone within an organisation.


The methods to avoid phishing can range from simply recognising a fraudulent email on sight to verifying the message it conveys by alternative means. For instance, all transactions or verification requests should be double-checked with a phone call.

Other security measures

  • Use spam filters
  • Change browser settings to block fraudulent sites
  • Change passwords regularly
  • Don’t use the same password for multiple accounts
  • Report phishing to the right channels when you see it
  • Contact the company that’s asking for information directly
  • Hover over links in emails to see if they have misspellings
  • Don’t click on links in emails – type them into your browser instead
  • Don’t click on attachments in emails unless you are sure they can be trusted
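
The “hover over links” and “look for misspelt URLs” checks above can also be automated on the defender's side. The following is an added example, not code from the original article: it extracts the links from an HTML email body and flags two lure patterns, a link whose visible text shows a different domain than its real target, and a target domain that is a one- or two-character lookalike of a trusted domain. The trusted-domain list and the sample email are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the organisation trusts (constructed sample list for this example).
TRUSTED_DOMAINS = {"example-bank.com", "example.com"}

def registrable(host):
    """Reduce a hostname to its last two labels (a simple stand-in for a public-suffix lookup)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalikes such as 'examp1e' versus 'example'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags in the email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html):
    """Return a list of (href, reason) for links that look like phishing lures."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        dom = registrable(urlparse(href).hostname or "")
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", text.lower())  # a domain written in the link text
        if shown and registrable(shown.group()) != dom:
            findings.append((href, "link text shows a different domain"))
        elif dom not in TRUSTED_DOMAINS and any(edit_distance(dom, t) <= 2 for t in TRUSTED_DOMAINS):
            findings.append((href, "lookalike of a trusted domain"))
    return findings

# Constructed sample email body: one genuine link, one lure with a misleading label, one lookalike.
SAMPLE_EMAIL = ('<a href="http://example-bank.com/login">Sign in</a> '
                '<a href="http://examp1e-bank.com/verify">example-bank.com</a> '
                '<a href="http://exampIe-bank.com/x">Click here</a>')
print(suspicious_links(SAMPLE_EMAIL))
```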


The dangers of successful phishing

When people get duped by a fraudulent email, they may only be harming themselves or their bank account. However, company email addresses are very popular among cyber criminals. Getting login information and passwords for company employees can be worth a lot more to these scammers. If these emails succeed in fooling even just one employee, the result can be more serious cyber attacks, such as ransomware, viruses, false payments and data theft, all of which come at great cost both to a company’s pocketbook and to its reputation.
