Cybersecurity has to be a top priority for businesses of all types and sizes, but if you’re a small business, it can be overwhelming to get started.
Your initial cybersecurity introduction should be phishing. Phishing is something that you don’t need a lot of advanced technology to prevent. What you do need is knowledge, understanding of how it happens, and you need to train your team to avoid it.
With that in mind, know the following about phishing.
What is Phishing?
Phishing is a type of cyber attack where a target is contacted, usually by email. The criminal poses as a legitimate individual or representative of an organization. The goal of phishing is to get someone to provide sensitive data, like bank account information or passwords.
Then, once a cybercriminal has access to that, they can access accounts leading to potential identity theft and financial losses.
Around 90% of major incidents that lead to a data breach begin with phishing.
Phishing scams are how criminals deliver ransomware, which has gotten a lot of attention in recent months.
Basically, the ultimate goal of any type of phishing attack is to get the target to take action.
They vary in complexity, but many are very simple.
In simple phishing attacks, the target is encouraged to click a link or download a document that installs the malicious payload.
There can be longer-term and more complex attacks as well, where a hacker uses emails and fake social media profiles to build a relationship with their target. Then, with time, they build trust, and that person may give them information.
What is Spear Phishing?
Spear phishing is one particular type of attack that is aimed at an individual or group. It’s very tailored in the messaging, which increases the chances of the scam being successful.
For example, if you were the victim of a spear-phishing attack, it might look like an online order you placed or a bank update. The information may be personal to you which is why they’re so effective.
Email phishing is the most frequently used specific technique. It’s efficient for the cybercriminal because they can send out thousands of messages in a short amount of time. They might get a lot of information even if just a tiny percentage of targets fall for it.
When attackers use phishing emails, they will create messages that often very closely replicate the organization they’re spoofing. They’ll study features like signatures, logos, and other details of emails to get it right.
These emails usually convey a sense of urgency, designed to push you into taking a specific action even before you can think about it.
Spear phishing was mentioned above, and to implement this type of attack, typically, the criminal will research employee names in an organization to gain access to invoices.
Features of phishing emails include:
- They might include something that seems too good to be true when they’re targeting an individual. For example, they might say you’ve won a prize.
- The hallmark of a phishing email is almost always a sense of urgency. Remember, the bad actor needs you to take an action quickly without verifying the email or any of the information in it, thus the urgency heightens your emotional response.
- If you get an email with hyperlinks, be careful. Before you click anything you should hover over it to see where you’re going to be directed. Watch carefully for misspellings.
- Attachments are a big red flag of phishing. If you get an email with an attachment and you don’t know the sender, or you weren’t expecting it, don’t open it. These files can and often do have viruses and ransomware.
- Anytime you get an email from someone you don’t know, don’t click anything.
Some phishing emails might go to your spam account, but many don’t.
There are a few things you can do to protect yourself. First, keep up to date on the most common tactics scammers are using at any given time.
Human error or not recognizing a phishing attack is one of the biggest reasons for data breaches.
Be cautious about everything you receive, and go over it carefully.
You can also use multi-factor authentication on your account, which means two or more credentials are required to log into an account. Back up all of your data in case anything does happen.
If you think that you’ve already responded to a phishing attack as an individual, then you should visit IdentityTheft.gov to figure out what to do next.