What is phishing?
Phishing is an exploitative attempt to dupe someone into handing over personal information. In 2019, the US Federal Bureau of Investigation reported that citizens lost $57 million to effective phishing attempts. Persons who engage in phishing, known as ‘phishers’, may attempt to steal passwords, account numbers or your national insurance/social security number. On occasion, they attempt to infect computers or devices with malware, which will collect credentials from across a user’s computer, and send them back to the cyber criminal.
Phishers may weaponize your details to siphon money from your bank account, to fraudulently impersonate you, or to sell your credentials on the dark web, where other cyber criminals will maliciously harvest them.
As a business leader, how can you recognize phishing scams?
Phishing scams vary in outward appearance, but certain similarities are prevalent across scams. All rely on trickery, and most rely on emails or text messages in order to lure victims.
Phishing scams often appear to be from a bank, social networking site, online payment site or app, or an online store. Within these phishing scams, criminals often state that:
- They’ve observed suspicious activity within an account that belongs to you
- There’s been an issue with processing a recent payment
- That they require personal information for some reason
- They’re providing you with a (fake) invoice for something that you may or may not have purchased
- A government refund awaits you if you’ll just provide a small piece of information…
- You’re eligible for free rewards
As a C-level, are you familiar with spear phishing?
The term spear phishing refers to phishing attempts that are targeted towards a specific individual or enterprise. Cyber criminals who engage in spear phishing have typically taken the time to conduct research on a person or on an organization in order to determine the most enticing type of email or text message to send them.
For example, if you’re the CMO of a business and your LinkedIn profile reflects an interest in hiring contract graphic designers, a spear phisher might send you an email saying ‘So and so referred me to you, and I have just the right graphic design skills to help take your ads to the next level. Click here for my profile and portfolio’. The profile/portfolio link would be malicious.
How can you protect your organization from phishing?
A recent report indicates that 90% of data breaches begin with a phishing attack, so it’s imperative that your organization takes the right precautions.
- Ensure that your IT team implements security software. It’s best if this security software automatically conducts updates.
Here are other suggestions for your IT professionals:
- Apply email filters. These can help prevent dangerous emails that contain malicious links from slipping through your system.
- Implement best practices around multi-factor authentication (MFA).
- Make use of Virtual Private Networks (VPNs). These ensure that your data is encrypted, or invisible to prying eyes, as it travels through cyber space.
- Backup your data.
- Provide employee education concerning phishing. Review what it looks like, and how to report it to the proper personnel.
For more information on phishing, visit Cyber Talk.