Phishing accounts for 90% of data breaches and 15% of people successfully phished will be targeted at least one more time within the year.
Listen to the blog
Phishing attacks are not only increasing as time goes on and our lives and data get stored online, but they’re evolving. To protect yourself from Phishing you must understand what it is and some of the methods to begin protecting yourself.
What is Phishing?
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising something as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.
Phishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.
Types of Phishing
There are a several different ways you can be Phished, we have listed some common methods and some details about them.
Phishing attempts directed at specific individuals or companies is known as spear phishing. In contrast to bulk phishing, spear phishing attackers often gather and use personal information about their target to increase their probability of success.
The term whaling refers to spear phishing attacks directed specifically at high-profile targets such as executives. In these cases, the content will be crafted to target an upper manager and the person’s role in the company. The content of a whaling attack email may be an executive issue such as a subpoena or customer complaint.
Clone phishing is a type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. Normally this requires either the sender or receiver to have been previously compromised for the malicious third party to obtain the legitimate email.
How to avoid being Phished?
To ensure you protect yourself and your business from the dangers of phishing attacks here are some things you can do today to start enhancing security
Knowing is half the battle with phishing, once you are aware and informed on common techniques and what to start looking for it becomes easier to spot attacks.
Anti-Phishing Tool Bar
All major browsers now have lots of options, take a look here for a list of free toolbars that you could install.
Verify a Sites Identity
Look at a website’s URL in your address bar. In a lot of phishing cases, the web address may look legitimate, but the URL may be misspelled or the domain may be different (.com when it should be .gov) or sometimes letters are replaced with numbers, extra letters and similar characters (instead of www.google.com someone would add an extra letter making it difficult to notice such as www.gooogle.com).
Update to Date Browser
Security updates are released for internet browsers all the time. They are released in response to the security vulnerabilities that Phishers and other hackers discover and exploit. If you ignore messages about updating your browsers, stop. The minute an update is available, download and install it.
User Anti-Virus Software including has Anti-Phishing
Use anti-phishing software to detect phishing emails and websites. This feature is a must have when trying to reduce the risk of phishing attacks.
Please remember there is no single fool-proof way to avoid phishing attacks!
Need some more advice on Phishing in your business?
Drop us a message or give us a call and we will be in touch to help you gain a better understanding