Phishing is the topmost form of cyberattack because it is prolific and an easy way of gaining recipients’ confidence so that they click on links, open attachments, and so on. Cybercriminals use different tactics in phishing emails to attract victims. According to the 2017 Enterprise Phishing Susceptibility Report, 91% of cyberattacks start with a phishing email. The Verizon 2017 Data Breach Investigations Report states that 15% of phishing attack victims fall prey a second time.

It’s crucial to understand how Phishing attacks work, educate employees and protect organizations against Cybercrime.

What is Phishing?

Phishing is a form of social engineering that uses emails, malicious websites and phone calls to solicit personal information by posing as a trustworthy source. Typically, the scam involves getting victims to provide sensitive information, such as account logins, in order to gain access to a network or devices. Hackers also use this tactic to trick people into clicking malicious links in emails or attachments, which in turn downloads malware. Once downloaded onto a device, the malware starts its work by encrypting all the files and folders, with the goal of stealing the sensitive information or, in the case of a ransomware attack, demanding a ransom.

Phishing is a major problem for businesses, especially small and mid-size ones, as their cyber security measures are not as advanced as those of bigger organizations.

Some common phishing methods are:

  • Spear Phishing: It involves sending emails to millions of users requesting a wire transfer or personal information. Spear phishing involves researching the target’s personal details, such as name, organization and job profile, to make the email more personalized.
  • Misleading Email Message: Email is the most common broadcast method for phishing attacks. Deceptive messages about the need to verify account credentials, free or discounted services, or abnormal activity on an account are a few examples of misleading email phishing.
  • Malware: This method of phishing uses malicious attachments in emails or downloads from affected websites, which can install malware on the victim’s computer if it is allowed to run.
  • Key loggers and Screen loggers: In this kind of malware attack, a program is installed on the victim’s computer that tracks keystrokes and passes the information to hackers.
  • Vishing (Voice Phishing): In vishing, the phisher makes phone calls to users and pretends to be from a trusted organization, such as a bank, with the intention of getting access to personal or sensitive details.
  • Ransomware: In this type of attack, malicious software is installed on a device, which starts encrypting files and locks out the device’s users until a ransom is paid.

Tips to avoid Phishing attacks.

  • Be suspicious of any email, text, social media post or advertisement with an urgent request for personal information.
  • Avoid clicking on links in emails; instead, go to the browser and open the URL directly.
  • If you are in doubt, delete the email or call the company/person directly to verify its legitimacy.
  • Train employees on phishing attacks.
  • Don’t share personal information, passwords, etc. via email; instead, call and share it.
  • Use secure websites starting with “https” to access any sensitive information online.
  • Don’t connect to open/public Wi-Fi networks; always use a mobile data plan.
  • Always encrypt mobile devices, laptops and USB drives.
  • Keep all software and devices up to date with the latest security updates.
  • Always use a Standard account for day-to-day activities on a computer instead of an admin account.

CompCiti Business Solutions, Inc. has been an IT security company in New York since 1996. CompCiti protects its clients from outside threats including ransomware, viruses, malware, phishing attacks, etc. CompCiti offers 24/7 and Level 3 support. CompCiti can ensure your IT systems are secure and efficient. To find out more about our Managed IT and security services in New York, please contact us at (212) 594-4374 for a free phone consultation and to find out how CompCiti can help you protect your systems from any cyber threats.

References:

https://enterprise.verizon.com/resources/reports/dbir/

https://cofense.com/phishing-resiliency-report-2017/
