What is phishing?
The word phishing is a homophone of fishing, and describes a fraudulent attempt to obtain sensitive information such as credit card details, usernames and passwords by posing as a trustworthy party.
Phishing and malicious websites
A commonly cited figure is that around 90% of cyber attacks start with a phishing email or text message. These messages often carry malicious attachments or links to fake websites, or simply trick the recipient into giving up sensitive information. Sometimes the fake websites have been carefully designed to look like a real site the recipient knows and trusts; the only visible difference might be a slight misspelling of the URL, such as a swapped letter or an extra word in the domain name.
Phishing has been around almost since the dawn of the internet. Scammers usually initiate contact with their prospective victims while posing as a trusted entity: a bank, an internet service provider, an online store, an IT administrator, or anything in between.
These messages range from the proverbial carrot to the proverbial stick, either promising riches or threatening loss. They often convey a sense of urgency, telling the recipient that they must act fast to claim their prize or avoid damage.
Regular, “old fashioned” phishing attempts usually fall into the bulk email category: the criminals behind them cast a wide net in the hope of catching even a single believer. Everybody gets the same email, and to most recipients it is obviously a phishing attempt. For a few of them, it is not.
There are several other types of phishing attack that are more targeted or use a different channel. The most common of these are:
Voice phishing, aka vishing: the same lure delivered over a phone call rather than by email.
How to avoid phishing
Number 1: Provide security awareness training!
The best way to avoid cyber attacks in general is to be well informed. The more aware people are of the possibility of phishing, the less likely they are to fall for those emails. That is where continuous cyber security awareness training and a strong security culture come into play.
People can be trained to recognise phishing and to deal with fraudulent emails correctly. This message needs to be kept top of mind for everyone within an organisation.
The methods for avoiding phishing range from recognising a fraudulent email on sight to verifying the request it carries through a separate channel. For instance, every payment or verification request should be double-checked with a phone call to a number taken from a known-good source (the company's website or your own contacts), never a number printed in the email itself.
Other security measures
- Use spam filters
- Change browser settings to block known fraudulent sites
- Change passwords as soon as you suspect one has been phished, and enable multi-factor authentication wherever it is offered
- Don’t use the same password for multiple accounts
- Report phishing to the right channels when you see it
- Contact the company that’s asking for information directly, using contact details you already have rather than those in the email
- Hover over links in emails to see where they really lead, and look for misspelt or look-alike domains
- Don’t click on links in emails – type the address into your browser instead
- Don’t open attachments in emails unless you are sure they can be trusted
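The "hover over links" and "look for misspellings" advice above can be automated for triage. The script below is an added example, not code from the original page: it pulls every link out of a constructed sample phishing email and flags three classic tells, a link whose displayed URL differs from its real target, a target domain that is a near-miss of a trusted domain (typosquatting), and a trusted name buried as a subdomain of an attacker-controlled host. The trusted domain `example-bank.com`, the sample message and the 0.85 similarity threshold are all assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample phishing email body (HTML); not a real message.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, your account will be suspended in 24 hours.</p>
<p>Please <a href="http://examp1e-bank.com/login">log in at https://example-bank.com</a> to verify.</p>
<p>Questions? Visit <a href="https://example-bank.com/help">our help centre</a>.</p>
<p><a href="https://secure-example-bank.com.evil.test/reset">Reset password</a></p>
"""

# Hypothetical list of domains the organisation legitimately receives mail about.
TRUSTED_DOMAINS = {"example-bank.com"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude registrable domain: last two labels. Fine for the sample;
    production code should consult the public suffix list instead."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def lookalike_of(domain, trusted):
    """Return the trusted domain this one closely resembles, if any."""
    for t in trusted:
        if domain == t:
            return None  # exact match is legitimate, not a lookalike
        if SequenceMatcher(None, domain, t).ratio() >= 0.85:  # assumed threshold
            return t
    return None


def check_link(href, text, trusted=TRUSTED_DOMAINS):
    """Return a list of human-readable findings for one link (empty = clean)."""
    findings = []
    host = urlparse(href).hostname or ""
    target = registered_domain(host)

    # 1. The link text shows a URL, but the real destination domain differs.
    shown = re.search(r"https?://([A-Za-z0-9.-]+)", text)
    if shown and registered_domain(shown.group(1)) != target:
        findings.append(
            f"display text says {registered_domain(shown.group(1))} "
            f"but link goes to {target}"
        )

    # 2. The destination is a typosquat of a trusted domain (examp1e vs example).
    look = lookalike_of(target, trusted)
    if look:
        findings.append(f"{target} looks like {look}")

    # 3. A trusted name is embedded in a host whose real domain is something else.
    for t in trusted:
        if target != t and t in host:
            findings.append(f"{t} appears inside {host}, real domain is {target}")

    return findings


def scan_email(html, trusted=TRUSTED_DOMAINS):
    """Map each href in the message to its findings."""
    parser = LinkExtractor()
    parser.feed(html)
    return {href: check_link(href, text, trusted) for href, text in parser.links}


if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE_EMAIL_HTML).items():
        print(href, "->", findings or "ok")
```

Only the genuine `example-bank.com/help` link comes back clean; the other two are flagged. The two-label `registered_domain` shortcut is the weak point of this toy: for real mail, use a public suffix list (the `tldextract` package, for instance) so that `co.uk`-style domains are handled correctly.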
The dangers of successful phishing
When people get duped by a fraudulent email, they may only be harming themselves or their bank account. Company email addresses, however, are very popular among cyber criminals: login credentials for company employees can be worth a lot more to them. If a phishing email fools even one employee, it can lead to more serious attacks such as ransomware, malware infections, fraudulent payments and data theft, all of which come at great cost to both a company's finances and its reputation.