500 SW 9th St

Dundee, 97115 USA

503.446.5724
jackie@exceedpc.com

Phishing: what it is, and how to protect your business

Phishing is a form of cybercrime where criminals masquerade as legitimate organizations (usually by email), compelling unsuspecting victims to click on malicious links designed to steal data or infect computers with malware. If you’ve ever received an email purporting to be from “G00g1e” or “Y0ur B3nk”, asking you to “update your password” via a strange-looking link, congratulations – you’re no stranger to phishing! 

According to Tessian, 96% of phishing attempts arrive by email; however, text messages and social media sites can also be used to carry out phishing attempts.

How to recognize a phishing message

Whatever the chosen channel, the common denominator is that phishing messages appear to come from legitimate organizations and often use personal information to seem more convincing. Attackers will often combine this appearance of legitimacy with a false sense of urgency to distract potential victims from actually thinking about the legitimacy of the message.

For example, victims may receive emails with attached ‘delivery invoices’, with warnings that the goods will be returned to the sender if payment isn’t made immediately. Opening the attachment out of curiosity or fear could inadvertently infect the victim’s PC with malware, such as ransomware. Ransomware restricts access to the victim’s files and demands a large payment (a ransom) to restore access. Worse still, paying the ransom offers no guarantee that access will be restored.

Another approach involves sending fake password reset emails claiming that the potential victim’s account has been compromised. Clicking on the link leads to a fake but believable login portal, and entering correct account details there results in an actual account compromise. With access to usernames and passwords, criminals can change the victim’s password, locking them out of their accounts, or use their accounts to make fraudulent purchases.
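The warning signs described above (lookalike sender names such as “G00g1e”, links to imposter domains, and artificial urgency) can be checked mechanically. The script below is an added illustration and not part of the original article; the trusted-domain allow-list, the urgency keyword list and the sample message are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Digit/symbol swaps used in lookalike names such as "G00g1e" and "Y0ur B3nk".
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})
# Constructed allow-list of domains this business expects mail from (hypothetical values).
TRUSTED = {"google.com", "paypal.com", "exceedpc.com"}
URGENCY = re.compile(r"\b(immediately|within 24 hours|urgent(?:ly)?|suspended|act now|verify now)\b", re.I)
URL_HOST = re.compile(r"https?://([^/\s>\"']+)", re.I)

def imitated_brand(host: str):  # trusted domain that `host` imitates, else None
    host = host.lower()
    if host in TRUSTED or any(host.endswith("." + t) for t in TRUSTED):
        return None
    norm = host.translate(HOMOGLYPHS)          # g00g1e-login.com -> google-login.com
    for trusted in TRUSTED:
        if trusted.split(".")[0] in norm:      # brand name buried in an unrelated domain
            return trusted
    return None

def score_message(raw: str) -> list:  # human-readable warnings for one RFC 822 message
    msg = message_from_string(raw)
    warnings = []
    domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    brand = imitated_brand(domain)
    if brand:
        warnings.append(f"sender domain {domain!r} looks like {brand}")
    body = msg.get_payload() if not msg.is_multipart() else ""
    for host in URL_HOST.findall(body):
        b = imitated_brand(host.rsplit("@", 1)[-1].split(":")[0])   # strip userinfo and port
        if b:
            warnings.append(f"link host {host!r} looks like {b}")
    for hit in URGENCY.findall(msg.get("Subject", "") + " " + body):
        warnings.append(f"urgency language: {hit!r}")
    return warnings

# Constructed sample resembling the password-reset lure described above.
SAMPLE = """\
From: "Google Security" <alerts@g00g1e-login.com>
Subject: Action required: your account will be suspended

Your password was reset. Verify now at http://g00g1e-login.com/reset
or your account will be closed within 24 hours.
"""

if __name__ == "__main__":
    for warning in score_message(SAMPLE):
        print("WARNING:", warning)
```

The heuristics are deliberately simple; in practice they complement, rather than replace, the mail filter and user training described later in the article.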

How to protect your business against phishing attempts

Users most at risk are those who reuse the same password (perhaps for easy recall) across several online accounts, because once criminals gain entry to one account they may try to access other accounts using the same details. Password managers offer a practical solution to the problem of recalling different passwords for different accounts.

Protecting oneself from phishing starts with being vigilant about email, especially when it comes to identifying email oddities – spelling mistakes, odd phrasing, and unnecessary urgency. Even emails from familiar senders should be scrutinized if they seem even remotely suspicious. If doubts persist, it is best to contact the sender via other means for clarity.

Another effective method against phishing scams is two-factor authentication, or 2FA – a security measure that is becoming increasingly commonplace. 2FA allows users to set up a password as well as an extra layer of verification (such as an SMS message sent to a phone) which must be completed to allow access. If a password is captured through phishing, the attacker’s inability to complete the second layer of verification prevents access to the user’s account.

Finally, it also helps a great deal to have good antivirus software installed. A good antivirus will usually automatically block phishing attempts from questionable sites.

Security is key

The best way to protect your business from phishing attacks is often a combination of multiple security measures. Even so, one poorly trained employee is all it takes to fall victim to a phishing attack. Therefore, it is of the utmost importance to ensure that your employees are adequately trained and constantly updated on evolving phishing methods to protect your business. If you need assistance with toughening up your security measures against phishing and other cyber threats, contact us at ExceedPC and we would be more than happy to help!