Suppose you come into work on a Tuesday morning following a brief vacation away from your busy work atmosphere; you start to dig into your office inbox and find an email from your bank, which in of itself shouldn't be all that unusual. It contains a link to the bank's website noting that a money transfer was unsuccessful and you need to log in to reclaim the cash. Another email is from a social media platform you use regularly letting you know that there is a request outstanding that needs your attention, or your account has been compromised and you need to change your password.
Seemingly harmless, these emails and others like it can be examples of phishing, a method of online identity theft.
What is Phishing?
Phishing is a form of cyber-attack that is carried out by a criminal with the intention to infiltrate their target's personal and working data. Typically, you can expect phishing attempts to come over an email but the scam has reported attempts over messaging services, apps and social media. The attacker will pose as a service you may be using, a company you would be familiar with, or even a colleague that you would typically receive emails from regularly. Hackers can also play the long game, using more complex fake social media profiles and emails to build rapport with their targets over the course of several months, with the goal of gaining trust so their targets hand over the targeted data.
Since it's far easier to trick someone into clicking a seemingly legitimate phishing email than break through a computer's defense, phishing has become a cybercriminals preferred method of attack.
How Phishing Works
A phishing attempt will usually look urgent, prompting you to click on a malicious link that will take you to a fake log in page or a website asking you to grant some sort of permission. At a quick glance, the webpage will have every detail of being a familiar and legitimate platform, encouraging you that entering your information and passwords will be safe.
More sophisticated scams will target business users and pose as someone within the organization. These phishing attempts will usually request you to download an attachment containing information or request that you send private data.
Hackers are continuously improving and refining new methods for phishing schemes to steal personal information. An estimated 37 billion people send roughly 269 billion emails every day, making it an obvious attack vector for cyber-criminal. Symantec recently suggested that 1 of every 2,000 emails is an attempted phishing attack, meaning there are around 135 million phishing attempts every day.
With methods continuously evolving, it's important to keep a keen eye on the emails sent to either your business or personal email.
How to Prevent Phishing
There are numerous methods and sophisticated software on the market that will assist in the fight against phishing, but the best kind of phishing defense begins with educating users. In a post from phishing.org, you can study a few red flags that may be a dead give-a-way of a phishing attempt that may otherwise be an oversite. Effective training of your staff and enlightening them on phishing attacks can go a long way to protecting your organization.
Stay tuned for Nucleus’ upcoming launch of an Advanced Security offering that will address phishing, malware, and other variations of cyber-attacks that could be threatening to your organizations private data.