What Is Phishing?
20 July 2022
Did you know that 1 in every 3,722 emails in the UK is a phishing attempt? Or that 88% of companies in the UK have suffered data breaches in the last 12 months?
Phishing attacks are some of the most effective techniques hackers use to steal an individual’s or a company’s sensitive data. The reason?
It’s often much easier to trick someone into clicking a malicious link in an email or opening an unsafe attachment than to hack past a company’s firewall. For this reason, phishing attacks have become very common today, particularly in the UK.
Phishing scams range from classic email phishing schemes to more advanced approaches such as smishing and clone phishing.
In this article, we’ll discuss phishing in detail, including the various types of phishing and how they work. We’ll also explore the measures you can take to protect yourself and your employees from phishing scams. Let’s dive in!
Phishing is a type of social engineering attack that uses email, voice, and text messaging as a weapon. It occurs when a fraudster, impersonating a trusted entity, tricks the victim into opening a malicious email or text.
The victim is then tricked into clicking on a link or malicious attachment, which can lead to installing malware, hacking the network, or revealing sensitive information. To a business, an attack can be catastrophic, and could lead to:
- Loss of money,
- Damage to reputation,
- Loss of intellectual property,
- Disruption of operational activities
One of the best-known and most consequential phishing attacks in history happened at Crelan Bank in Germany in 2016.
The bank was a victim of a business email compromise (BEC) fraud that cost the company a staggering 70 million Euros. The attacker hacked the email account of a high-level executive within the company and instructed their employees to transfer the money to an account controlled by the hacker.
Types of Phishing Attacks
Various types of phishing scams can be engineered against a business, including:
1. Phishing Emails
Phishing emails are the most common form of attack. The scammer uses an email address that resembles a legitimate personal or corporate email address.
The email typically includes a request to click a link, open an attachment, send payment, change a password, or respond with sensitive information. Performing the required action provides the hacker with the resources they need to launch an attack or access a company’s network.
2. Phone Phishing
Instead of email, phone phishing entails using fraudulent phone calls to trick people into revealing personal/corporate information or giving money. In this case, the mastermind may claim to represent a company, government, or a trusted institution.
3. Email Account Takeover
The attack at the Crelan Bank in Germany is a perfect example of an email takeover scam. If an attacker acquires the email credentials of high-level executives, they’ll likely target anyone they can, including lower-level employees, using that email.
4. Spear Phishing
Spear phishing involves using a fake company name and key details about the target.
In this scheme, the impersonator finds other details about the victim, such as their job title, address, trusted colleagues, other contracts, or even samples of their writing to increase the effectiveness of the phishing email.
5. Clone Phishing
As the name suggests, a clone phishing scam duplicates a previous message but replaces legitimate links and attachments with malicious ones. Clone phishing is common in emails but may also appear in other channels such as social media or even text messages.
How to Prevent Phishing Attacks
As mentioned, a successful phishing attack can be catastrophic to your company. But with the right information and guidance, most phishing attacks can be thwarted. Here are three strategies to help prevent phishing attacks.
1. Employee Awareness Training
The first thing you’ll want to do is to educate your staff on what a phishing scam looks like.
Once your employees know the various techniques attackers use, they’ll never click on email links without performing due diligence or open email attachments without verifying whether they’re safe.
2. Install Firewalls
Firewalls effectively prevent external attacks, acting as a shield between your company’s network and the attacker. Used together, network firewalls and desktop firewalls can improve security and reduce the chances of hackers infiltrating your company.
3. Ensure Company Computers are Updated Regularly
Most people ignore or postpone updating their systems because the process can take time. But doing so only subjects your systems to security threats.
Security updates are, in most cases, released to keep up with modern cyber-attack techniques by patching holes in security. If you don’t update your systems, including your browser, you could open your systems up to attack through known vulnerabilities that could have been easily avoided.
Phishing occurs when an attacker, masquerading as a trusted entity, tricks the victim into opening a malicious email or text.
Phishing attacks can have devastating effects on a company, including loss of money, reputational damage, and disruption of operational activities. Worst of all, breaches resulting from phishing attacks can lead to litigation that could cost the company millions of dollars.
Organizations can protect themselves from phishing scams through various means, such as employee awareness training, installing firewalls, and ensuring the systems are up to date.
ICT Solution’s cybersecurity services will help you thwart the most sophisticated phishing and social engineering attacks. Contact us today to find the best solution for your cyber security or phishing prevention needs.