Phishing represents the most common means through which hackers aim to gain entry into networks. Motives can range from financial fraud to malware delivery to espionage.
Phishing scams masquerade as legitimate-looking emails, phone calls or text messages that appear to come from a reputable institution. Hackers intend for their targets to reveal sensitive information about themselves or the organization that they’re affiliated with.
Although human error typically functions as the catalyst for phishing-based attacks, experts state that blaming the victim rarely works. Nowadays, emails may be so highly tailored (doctored) that even the most assiduous employees may still fall prey to a scam.
“We need to remember that not every employee has been hired as a security professional—security isn’t in every employee’s job description,” says expert Tim Sadler.
Social media and phishing
The widespread use of social media and the transfer of information to social media sites has enabled hackers to easily obtain information about a person. This information can feed the development of impersonation attempts. Once a hacker has fraudulently assumed a specific persona, the hacker can attempt to electronically associate with ‘colleagues’.
“When people [hackers] send spear-phishing emails, they’re taking on the persona or identity of a trusted person. That person makes it highly effective in terms of getting the target to comply with the request, pay the invoice, do what they need to do.”
Businesses can defend against phishing attempts by adopting zero-trust policies and new cyber security infrastructure. Humans typically represent the “weakest link”, so protect your employees: pursue preemptive user protection strategies and prevent phishing across devices of all types.
“Ultimately, people are just trying to do their jobs and cybersecurity incidents are caused unintentionally—people aren’t malicious in most cases,” says expert Amanda Widdowson.