What is Phishing?

What is Phishing?

What is Phishing?

Jeremy Cherny Blog

Learn how phishing works and how to prevent it.

So, what is phishing?

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

Not worried? Heres why you should be.

According to Verizon’s 2019 data breach investigation report, phishing was the #1 threat action used in successful breaches linked to social engineering and malware attacks.

The estimated annual cost of cybercrime to the world economy in 2015 was $450 billion dollars.1 That is a staggering amount in losses. The most concerning aspect is that 90-95% of all successful cyber-attacks begin with a phishing email.2 It’s been estimated that around 156 million emails are sent each day, 16 million make it through the filters, and 800,000 of them are not only opened, but the phishing links are clicked, and out of those who clicked it is estimated that around 80,000 share compromising information.3 On top of this, each quarter some 250,000 new phishing URLs are identied. 4

What can you do to prevent a phishing attack?

Unfortunately, cyber criminals are becoming better and better at making phishing emails look legitimate. In turn, we need to become better about spotting them. Here are some best practices to follow to help prevent a phishing attack.

1. Always verify the sender is who they say they are by hovering your mouse over the email address in the email’s “From” field. While it may say it’s from your company’s CEO, there’s a possibility that it may just be a hacker posing as them.

2. Know that any email asking for personal information is a huge red flag! Treat emails requesting personal or financial information with extreme caution.

3. Verify an email link is going to legitimate website by hovering your mouse over the text of the hyperlink. Use caution when downloading email attachments as well. If you weren’t expecting a document from the sender, it’s best to not download it.

4. Typos galore? Red flag! Phishing emails typically contain spelling errors, poor grammar, ugly text layout, etc.

5. Prevent phishing and other cyberattacks by making sure your office machines have the most up-to-date security software installed.

6. When in doubt, contact your IT department or Team Tobin.

How can you practice phishing prevention?

IT pros have realized that simulated phishing tests are urgently needed as an additional security layer. Today, phishing your own users is just as important as having antivirus and a firewall. It is a fun and an effective cybersecurity best practice to patch your last line of defense: USERS

Find out what percentage of your employees are prone to falling for a phishing attack with your free phishing security test from Tobin Solutions SleepWell Aware Security Awareness Training .

So, you got phished. What do you do now?

1. Notify your manager or supervisor or IT manager

2. Alert the rest of your company of the phishing attack to limit or prevent a breach by others

3. Call Tobin Solutions for immediate assistance – 414-443-9999.

4. Review and follow your security incident response policy plan

5. If you are already using two-factor/multi-factor authentication, you may be safe for this site. If you aren’t currently using it, consider enabling it to reduce the impact. Note that even with this enabled, the password is considered breached and should be changed.

Learn the rest of the steps to take after getting phished by downloading the What is Phishing? PDF. Make sure to share with your customers and colleagues.

REFERENCES :

i. CSIS McAee Report – https://www.mcafee.com/enterprise/en-us/solutions/lp/economics-cybercrime.html

ii. TrendMicro Research – http://www.techworld.com/news/security/91-of-cyberattacks-beginwith- spear-phishing-email-3413574/

iii. Get Cyber Safe – https://www.getcybersafe.gc.ca/cnt/rsrcs/nfgrphcs/nfgrphcs-2012-10-11-en.aspx

iv. McAfee – https://www.infosecurity-magazine.com/news/phishing-awareness-remainsabysmal/