Phishing: It’s the last thing anyone wants to fall for and one of the most prevalent threats to businesses today. As cybercriminals get more cunning with how they draw new victims, keeping up-to-date with the latest threats will help you see the signs when it happens to you.
What is phishing? It’s a kind of social engineering attack that disguises itself as a genuine communication, in order to convince victims to give up private, identifying information. Then the hackers can gain access to your machine, network, bank account and more.
Why Phishing Is Such a Threat
Did you know that 93% of breaches involve phishing attacks? It’s that common. Since phishing attempts are often tailored to the victim, so as to best convince them to give up identifying information, they’re a very powerful tool for hackers.
They work so well because they’re personalized to ensnare each individual victim. Think about it: Which link would you be more likely to click on, one from a generic Gmail account or one that has the same domain as your organization? Would you trust your friends more than a vague, major company contacting you out of the blue?
Of course. That’s why phishing works so well, and happens during so many cyberattacks.
Most Common Tactics
See something like this? Report it to your IT team or follow other security procedures as directed.
- Random notifications that your password is expiring, with a URL that redirects you to a different site to capture your information.
- Email attachments from anyone you don’t recognize. HTML and HTM attachments are the most common form of phishing email file extensions.
- Mobile links, especially when your phone is connected to your work network.
- Other suspicious messages.
Consider the number of Covid-related scams that have cropped up over the course of the pandemic. Hackers like to use current events, especially ones like this that cause panic, to convince people to make quick decisions and share private information that they would normally be clear-headed enough to keep secret. Phishing scams don’t always try to scare the information out of you, but they will often play on your emotions to get you to lower your guard.
Big Phishing Campaigns Today
- Keylogging, wherein hackers track what you type to lift your private information right off of trusted websites.
- Trickbot campaigns. Trickbot began as strictly a banking Trojan, but its campaigns now unleash phishing and malware as part of the dig for financial information. It also often self-propagates, so it keeps spreading until someone puts a stop to it.
- Scams that target higher-ups in an organization. While lower-level employees can certainly let in threats, cybercriminals are more and more often going after executives and others high up in the security chain. Tricking them provides access to the most confidential, and valuable, information.
- Brand impersonation; Microsoft is the most commonly faked brand in modern phishing scams.
- Business email compromise schemes are on the rise again. Be careful before sending personal information, even to people that appear to be from your organization.
- Requests for you to update passwords, addresses, credit cards, memberships and security systems out of the blue.
How to Safeguard Your Business
There are little things you can do on a daily basis to keep out cybercriminals. Check each message’s sender and look for small mistakes in the email address or phone number that indicate it’s from someone trying to pose as a confidant. Be wary of links and attachments. In the end, though, nothing beats plain common sense.
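The sender check above and the warning signs listed under Most Common Tactics can also be applied automatically to a reported message. The following is an added example, not part of the original article: the `triage` helper, the `example.com` organization domain and the sample message are all assumptions constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: your organization's mail domain
# Constructed sample message for illustration, not a captured email.
SAMPLE = """\
From: IT Support <helpdesk@examp1e.com>
Subject: Your password is expiring
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your password expires today. Open the attached form to keep access.
--b1
Content-Type: text/html; name="renew.htm"
Content-Disposition: attachment; filename="renew.htm"

<html><body>form</body></html>
--b1--
"""

def edit_distance(a, b):  # Levenshtein distance, to spot near-miss domains
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw, org_domain=ORG_DOMAIN):
    """Return warning strings for one raw message (hypothetical helper)."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    domain = parseaddr(str(msg.get("From", "")))[1].lower().rpartition("@")[2]
    # Sender domain that is close to, but not exactly, the organization's.
    if domain != org_domain and edit_distance(domain, org_domain) <= 2:
        flags.append(f"lookalike sender domain: {domain}")
    # HTML/HTM attachments, which the article names as the most common type.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith((".html", ".htm")):
            flags.append(f"HTML attachment: {name}")
    subject = str(msg.get("Subject", "")).lower()
    if "password" in subject and "expir" in subject:
        flags.append("password-expiry subject")
    return flags
```

Flags like these are a prompt to report the message to your IT team, not a verdict; a clean result does not mean a message is safe.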
Remember that small to medium-sized businesses are at just as much risk as large organizations when it comes to cyberattacks. They often have fewer financial resources to fall back on when a threat does come along, which makes them susceptible to relatively larger damages. Protect both your personal and professional accounts so that hackers have less to work with when launching social engineering attacks.
Everyone in your organization needs to be aware of how to spot and respond to phishing threats. Lately, ransomware has become a bigger and bigger threat to organizations, and these cybercriminals often use phishing tactics as the first point of entry. Most of the time, that comes via email.
Education is the best prevention. Learn the early signs of a cyberattack and take action before it does real damage.