Phishing is one of the oldest and most pervasive cybersecurity threats. It’s been around since email was invented, and phishing attacks have evolved to evade even our most sophisticated cybersecurity defenses. That’s why we’re dedicating the third post in our education blog series in honor of Cybersecurity Awareness Month to this important topic.
What is phishing?
The term “phishing” describes a wide range of tactics used to trick targets into providing something valuable to a criminal. Phishing attacks are usually sent by email and are successful when they trick targeted users into:
- Entering login information to a fake website (e.g. a fraudulent bank login page)
- Opening an unsafe email attachment
- Clicking an unsafe link
- Transferring money to an overseas bank account
How does phishing work?
Phishing attacks can vary, but they have a few things in common:
- They exploit human nature rather than exclusively technological vulnerabilities
- They trigger emotions by suggesting their request is urgent
- They spoof a trusted identity
Here’s how they work:
The targeted victim receives a phishing email with either a URL link or attachment purporting to be from a trusted sender, such as a bank or business service provider.
For URL phishing attacks, the email message may ask the recipient to log into a financial or service account. If the recipient clicks the URL link, they are taken to a fake webpage that looks very similar to the site of the organization the attacker is imitating.
Attackers also leverage attachments to deliver malicious macros or software that runs when the user opens the document or enables its contents. Once opened, the attachment installs malware on the user’s machine that can let the attacker steal information or take control of the system.
How effective are phishing attacks?
Phishing attacks are ubiquitous and extremely effective.
According to Wombat Security’s 2018 State of the Phish report, 76 percent of organizations experienced phishing attacks in 2017, and 48 percent said that the rate of phishing attacks is increasing.
And these attacks are costly. According to the FBI, these scams have accounted for more than $5 billion in losses.
How can you prevent phishing attacks?
Your best defense against phishing attacks is to deploy a solution that lets you authorize legitimate email sent on your behalf and block fraudulent messages before they reach the inbox. In addition, employee security awareness training is vital.