Phishing isn’t a new tactic used by cyber criminals, in fact, phishing has been common since the 90’s. But, as technologies advance, so do the ways in which cyber criminals try and deceive you into providing personal information and financial details.
Not only could a phishing attempt try and steal your personal data and financials, but phishing attempts could also try and attack your business. Due to the recent pandemic, many of us have been subjected to adopting a home-working environment, and cyber criminals will use this adjustment to their advantage – with 47% of employees falling for a phishing scam due to working-at-home distractions.
Here, we have created a simplified guide into exactly what phishing is, the different types of phishing attacks, how this could put your business at risk and the ways in which you can prevent a breach and protect your personal data and financials.
What is Phishing?
Phishing is a tactic used by cyber criminals by contacting individuals via electronic communications (i.e. email, text, phone calls and social media messages) usually with links (or even images) which when clicked, will take the recipient to a dangerous website or will instantly start downloading malware onto the device. Phishing could also be electronic communications imitating large companies, aiming to steal your financial details, personal data or account login information – phishing is one of the most common and simple methods of a cyber attack, with over 3.4 billion fake emails being sent daily!
Phishing communications are designed to provoke urgency and fear in the individual, causing them to act quickly without questioning the nature of the message – common key words to look out for include:
“Urgent”, “Request”, “Important”, “Payment”, “Attention”.
Checkpoint, software and hardware provider, released at the start of 2020, the top 10 most imitated companies with regards to phishing:
If you receive an email from a big company – who you’re likely to have an account with – look out for any language pressing the ‘urgency’ of the matter. Companies will never pressure you into promptly updating your personal information or banks details. Additionally, look out for spelling mistakes, pixelated images and questionable email addresses. If you are still unsure, contact the company directly from the information provided on their genuine website.
Spear phishing is when a cyber criminal specifically designs an electronic communication to be as personal as possible – this is to deceive one particular individual rather than being universal in their target. A spear phishing communication will contain personally identifiable features – such as your name, place of work or even things you have recently done, i.e. a recent holiday – which they have gathered from mediums such as your social media page.
A spear phishing communication could also be designed to look like it was sent by someone you know – such as a colleague. Always question the nature of something urging you to “reset your password”, “update payment methods” or with transferring information or finances.
Smishing is short for SMS phishing – this is when a cyber criminal will contact you specifically via text message, urging you to click links that will lead you to malicious websites or will automatically start downloading malware onto your device.
There are some cases were phishing attempts aren’t used to incite fear or urgency, but rather the opposite – in 2020, HMRC disclosed that a total of 58,921 SMS messages reported, claiming that the recipient was due a “tax refund” usually equating to hundreds of pounds. HMRC, and other companies, would never contact you like this about such matters. However, if you are still unsure, don’t respond to the message or click any links, but contact the company directly.
Whaling is essential spear phishing, however this is now aimed at wealthy, influential or high profile individuals. In 2016, the social media company Snapchat suffered from a whaling attack that resulted in all employees’ payroll revealed to the attacker – it isn’t uncommon for CEOs to fall victim to a whaling attack, as whaling is estimated to be a $12.5billion industry!
How Can Phishing Affect Your Business?
Not only do phishing attempts target individual people, but they also target your company and your employees. With 80% of breaches resulting from staff error falling victim to cyber criminal tactics, this could be your business that takes the hit from such a simple method. From phishing, cyber criminals could intercept your company’s sensitive data, company finances or compromise your networks through ransomware attacks.
Your staff are your company’s first line of defence against a cyber attack, this then needs to be just as strong and resilient as your networks. One of the most effective ways to mitigate your risk is through staff awareness training – implementing cyber security awareness and data handling training is the best way to ensure your first line of defence is equipped and educated in handling criminal tactics.
Our eLearning modules transform your staff into a resilient and knowledgeable workforce!
Not only do we ensure that we provide the latest information in cyber security awareness, but our carefully designed narrative structures make them easy to understand and remember.
With Mitilearn, you have the flexibility to build your own training content and policies, as well as perform phishing campaigns to put your employees’ knowledge to the test!