What is Phishing?
To be a successful fisherman, you have to con the fish into taking the bait, right? A successful fisherman will “trick” the fish by way of deception with an attractive “lure” that looks like something it knows or wants. The same goes for “phishing” … the cyber crime kind. Phishing is a cyber attack that uses a disguised email (or any form of communication) as a lure. The goal is to trick the recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company, or a great promotional deal — and to click a link or download an attachment. Like fishing, this cyber crime comes in various forms, from “Search Engine Phishing” to individualised “spear phishing”, and like fishing, there are some very good phisher-men out there!
Perhaps one of the most consequential phishing attacks in history happened in 2016, when hackers managed to get Hillary Clinton’s campaign chair John Podesta to offer up his Gmail password. Or the “fappening” attack, in which intimate photos of a number of celebrities were made public. This was originally thought to be a result of insecurity on Apple’s iCloud servers, but was in fact the product of a number of successful phishing attempts. And again in 2016, employees at the University of Kansas responded to a phishing email and handed over access to their pay-cheque deposit information, resulting in them losing pay.
The sheer number of emails sent every single day means that it’s a great avenue for cybercriminals. It’s estimated that 3.7 billion people send around 269 billion emails every single day. Researchers at Symantec suggest that almost one in every 2,000 of these emails is a phishing email, meaning around 135 million phishing attacks are attempted every day. Most people simply don’t have the time to carefully analyse every message which lands in their inbox – and it’s this which phishers look to exploit in a number of ways.
So how can you avoid the lure of being caught out with Phishing?
The first step is education. Phishing has evolved over recent years, becoming more sophisticated and harder to recognise. There are a number of steps you can take and mindsets you should get into that will keep you from becoming a phishing statistic …
- Keep informed about phishing techniques. New phishing scams are being developed daily.
- Install an anti-phishing toolbar. Most popular internet browsers can be customised with anti-phishing toolbars. Such toolbars run quick checks on the sites that you are visiting and compare them to lists of known phishing sites. If you stumble upon a malicious site, the toolbar will alert you about it.
- Always check the spelling of the URLs in email links before you click or enter sensitive information.
- Watch out for URL redirects, where you’re subtly sent to a different website with identical design. Hover over links that you are unsure of before clicking on them. Watch out for subtle spelling errors of well known sites like amaz0n.com instead of amazon.com.
- If you receive an email from a source you know but it seems suspicious, contact that source with a new email, rather than just hitting reply. Social engineers and educated hackers have become increasingly adept at personalising messages to individuals (spear phishing) with promotional deals for places or things you already visit or buy. Read carefully before you click.
- Verify a site’s security. As long as you’re on a secure website your risk is significantly lower. Make sure the URL begins with “https” (the s stands for secure) and that there is a closed lock icon near the address bar. Check the site’s security certificate as well. Never download files from suspicious emails or websites. Even search engines may show certain links which may lead users to a phishing webpage which offers low cost products or deals.
- Don’t post personal data, like your birthday, vacation plans, or your address or phone number, publicly on social media.
- Be wary of pop-ups. Pop-up windows often masquerade as legitimate components of a website. All too often, though, they are phishing attempts. Many popular browsers allow you to block pop-ups.
- Use firewalls. High quality firewalls act as buffers between you, your computer and outside intruders. You should use two different kinds: a desktop firewall and a network firewall. The first option is a type of software, and the second is a type of hardware. When used together, they drastically reduce the odds of hackers and phishers infiltrating your computer or network.
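The URL checks in the tips above (spelling of the link, hover text versus real destination, lookalikes such as amaz0n.com, and the https scheme) can be automated as a mail-filter rule. The script below is an added illustration, not code from GoldPhish or CybACADEMY: it pulls every link out of an HTML email body and flags links whose real destination differs from the text shown, hostnames that imitate a trusted brand by digit-for-letter swaps, one-character typos or by burying the brand as a subdomain of an unrelated domain, and links that are not https. The trusted-domain list and the sample email are constructed for the example. Note that an https link is not proof of legitimacy, since phishing sites routinely use valid certificates too; the check only rules out one class of sloppy lure.

```python
"""Flag suspicious links in an email body (added example, not the page's own code)."""
import re
from html.parser import HTMLParser
from typing import Optional
from urllib.parse import urlparse

# Assumed list of sites the reader actually uses; a real filter would load
# the organisation's own list of trusted domains.
TRUSTED_DOMAINS = {"amazon.com", "paypal.com", "microsoft.com"}

# Digits and symbols phishers swap for visually similar letters.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "|": "l"})

# Link text that itself names a domain, e.g. "amazon.com/orders" or "www.paypal.com".
DOMAIN_IN_TEXT = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)


def registered_domain(host: str) -> str:
    """Last two labels of a hostname ('www.amazon.com' -> 'amazon.com').
    A production filter would use the Public Suffix List for 'co.uk' style suffixes."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host: str) -> Optional[str]:
    """Return the trusted domain this host imitates, or None if it is the
    genuine domain or not similar to any trusted one."""
    reg = registered_domain(host)
    if reg in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if reg.translate(HOMOGLYPHS) == trusted:      # amaz0n.com
            return trusted
        if edit_distance(reg, trusted) == 1:           # amazn.com, amazonn.com
            return trusted
        if f".{brand}." in f".{host.lower()}.":        # paypal.com.login-example.net
            return trusted
    return None


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html_body: str) -> list:
    """Return one finding per suspicious link: {'href', 'text', 'reasons'}."""
    parser = LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        url = urlparse(href)
        host = url.hostname or ""
        reasons = []
        if url.scheme != "https":
            reasons.append(f"not https ({url.scheme or 'no scheme'})")
        target = lookalike_of(host)
        if target:
            reasons.append(f"looks like {target}")
        shown = DOMAIN_IN_TEXT.match(text)   # hover-text vs destination mismatch
        if shown and registered_domain(shown.group(1)) != registered_domain(host):
            reasons.append(f"text says {shown.group(1)}, link goes to {host}")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample lure: two bad links and one genuine one.
SAMPLE_EMAIL = """
<p>Your account has been locked.</p>
<a href="http://amaz0n.com/verify">amazon.com/verify</a>
<a href="https://www.paypal.com.login-example.net/signin">Sign in to PayPal</a>
<a href="https://www.amazon.com/orders">Your orders</a>
"""

if __name__ == "__main__":
    for finding in check_links(SAMPLE_EMAIL):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

Run on the sample, the first link is reported three times over (plain http, a digit-for-letter lookalike of amazon.com, and link text that names a different domain than the destination), the PayPal-as-subdomain link is reported once, and the genuine Amazon link passes. The same function can be run over every inbound message by a mail gateway to quarantine or tag lures before a user has to judge them by eye.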
Our Phishing explainer video here will hammer this home, too!
CybACADEMY courses powered by GoldPhish® educate employees on cyber risk and help build a more secure organisation with awareness training.
Our current FREE100 Campaign is aimed at helping smaller businesses get one step ahead of the cyber criminals with Free awareness training.