The human risk – phishing

Phishing is one of the most effective cyber-attacks largely because it exploits what is often the weakest link in an organisation – people. It is one of the top types of cyber attack affecting organisations.
Phishing is a common type of email scam which generally involves a hacker sending a fraudulent email (or SMS message). The links and attachments these messages carry often result either in malware being downloaded onto the victim’s computer or in personal data being stolen.
While many companies have spam filters in place which can block a large proportion of phishing emails, scammers have found ways around them, so filters are not a foolproof defence against phishing.

Common features of phishing emails often include:

  • A call to action, often with a sense of urgency
  • Poor spelling and grammar
  • Irregularities in the sender’s email address; the message may also come from someone the recipient rarely, if ever, has contact with
  • A suspicious-looking link or an unexpected file attachment

However, as people have caught on to these tactics, scammers are getting smarter: phishing attacks are becoming increasingly sophisticated, especially with the rise of spear phishing and smishing.

Spear phishing is the term for a more sophisticated type of phishing attack which differs from regular phishing by being tailored to the victim. Clever scammers will often use spoofed email addresses to impersonate your coworkers. Many phishing emails now also invest effort in graphics so that they appear to be genuine emails from trusted sites such as Facebook or from entities such as banks and the ATO.

Smishing is a more recent variant of phishing which relies on SMS rather than email but uses the same principles. These text messages usually include a shortened link and encourage recipients to open it.
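The features listed above, together with the spoofed sender addresses and shortened links just described, can be turned into simple mail-flow checks. The following is an added example written for this page, not code from the original article: it parses one message and reports which of those indicators it finds. The phrase, shortener and extension lists and the sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed watch-lists mirroring the article's indicators (not a vendor feed).
URGENCY_PHRASES = ("urgent", "immediately", "act now", "account will be suspended")
URL_SHORTENERS = ("bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".zip", ".iso", ".html")

def parse_sender(header_value: str) -> tuple[str, str]:
    """Return (display name, lower-cased domain of the real address) for a From/Reply-To header."""
    name, addr = parseaddr(str(header_value or ""))
    return name, (addr.rsplit("@", 1)[-1].lower() if "@" in addr else "")

def score_message(raw: str) -> list[str]:
    """Return the phishing indicators found in one RFC 5322 message (empty list = none seen)."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    display_name, real_domain = parse_sender(msg.get("From", ""))
    # Spoofing trick: the display name shows a trusted address while the real sender is elsewhere.
    embedded = re.search(r"@([\w.-]+)", display_name)
    if embedded and embedded.group(1).lower() != real_domain:
        findings.append(f"display name claims {embedded.group(1)}, real sender is {real_domain}")
    _, reply_domain = parse_sender(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != real_domain:
        findings.append(f"Reply-To goes to {reply_domain}, not {real_domain}")
    text = str(msg.get("Subject", "")).lower() + " "
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment {filename}")
        elif part.get_content_type() == "text/plain":
            text += part.get_content().lower()
    hits = [p for p in URGENCY_PHRASES if p in text]  # the "call to action"
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    for host in re.findall(r"https?://([^/\s]+)", text):  # links that hide their destination
        if host in URL_SHORTENERS or re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            findings.append(f"suspicious link host {host}")
    return findings

def build_sample_phish() -> str:
    """Constructed lure (not a real message) that trips several of the checks above."""
    m = EmailMessage()
    m["From"] = '"Payroll (payroll@corp.example)" <alerts@corp-example.support-mail.net>'
    m["Reply-To"] = "payroll.desk@mail-relay.example.org"
    m["Subject"] = "URGENT: confirm your bank details"
    m.set_content("Your salary is on hold. Act now: https://bit.ly/x7Qz or your account will be suspended.")
    m.add_attachment(b"not a real file", maintype="application", subtype="octet-stream", filename="Payslip.zip")
    return m.as_string()
```

Checks like these catch the crude lures; a well-crafted spear phishing email may trip none of them, which is why the training described below still matters.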

As phishing relies entirely on human factors, the best way to protect yourself and your organisation is to ensure staff are adequately trained. Security awareness training should be conducted as regularly as practical and should include phishing simulations. Ultimately, phishing exploits your employees psychologically, so getting on top of phishing attacks means training that focuses on changing your employees’ behaviour, ensuring they don’t click on or respond to phishing emails.