So, your antivirus is up-to-date, along with your malware scanner, and you’re feeling pretty confident when it comes to your workplace security, right?
While this may be correct to a degree, there is one area of internet security that many businesses neglect to focus on. This is the area of phishing scams.
In the simplest terms, phishing scams are ruses designed to fool a user into giving away personal details that can then be used to access sensitive data, which in turn can lead to theft and extortion.
Phishing scams are in fact such a popular method of facilitating online theft that cybercriminals are currently having more success with this method than with any other.
You may wonder how this has come to pass, considering the leaps and bounds made within the internet security field, but the main reason this type of attack is so successful is purely down to the fact that humans are always the weakest link in the security chain.
One of the best examples of phishing scams you can check out is “Don’t Get Fooled of Scam Email Claiming You Were Recorded Watching Porn”.
Unlike your antivirus or malware scanners, we humans do make mistakes, and we are particularly susceptible to making them when we are either rushing or panicking.
The cybercriminals know this and often try to get you to make a decision quickly.
An example of this would be an email supposedly from a service that you use, reporting an “unauthorized login attempt”, and recommending that you follow the link provided to change your password.
The link, however, will not be sending the recipient to the official website, but rather one created by a cybercriminal.
While phishing attacks have been around since the infancy of the internet, they have also become far more sophisticated in recent years (a trend that is set to continue).
‘Spear-phishing’ attacks are an extremely personalized form of attack, where the hacker will seek out personal information about the target, in an attempt to bypass any trust issues that a generic phishing email might bring about.
In these attacks, the hacker may have found information about the recipient’s name, position, and company in which they work.
Armed with this information, they can gain the trust of a target far more easily, as many of us will let our guard down slightly when an email purporting to be from a client or service is already familiar with our details.
With phishing taking many forms, from spear-phishing attacks to ‘pharming’ attacks (where a link in an email sends the target to a spoof website, to either gain login details or deploy malware on a system), you may be wondering what the best form of defence is against such criminal activity.
In essence, the best form of defence is education.
While phishing filters for email clients do exist, they are never going to catch every single attempted attack.
Having a workforce that knows the telltale signs of a phishing attack, however, will hugely decrease the chances of falling victim to them.
There are companies beginning to flourish that teach workforces about these signs and put them through their paces by testing the defences of a company with their own fake phishing scams.
Using this technique, they can show the employees exactly where they went wrong, and what they should have done differently.
Cybercriminals often leave telltale signs in the language and grammar used within an email.
For example, if you speak to ‘person A’ from the accounts department in a typically colloquial manner, and suddenly they are emailing you in extremely formal tones, it should raise an eyebrow.
Other signs to look for are the sender’s email address itself and generic greetings such as “dear customer”, along with references to “your company” rather than the actual company name.
When it comes to the links included within these emails, it is often worth typing the URL of the website you are being asked to visit directly into the web browser yourself, rather than clicking the link in the first place.
If you do go through the link, compare the address in the browser to the official web address, along with the general look and feel of the website.
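The signs described above (the sender’s address, a generic greeting, “your company” in place of the real name, and links that do not lead to the official website) can be checked mechanically as a first-pass triage. The script below is an added example, not part of the original article; the function names, the extra greetings, the sample message and its domains are assumptions made for illustration, and it expects a single-part HTML email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class Hrefs(HTMLParser):
    """Collect the href of every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append(dict(attrs).get("href") or "")

def host_of(url):
    """Lower-cased hostname of a URL or bare domain ('' if there is none)."""
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def within(host, domain):
    """True only for the domain itself or a subdomain, never a mere substring."""
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw_email, company, official_domain):
    """List the article's telltale signs present in a single-part HTML email."""
    msg = message_from_string(raw_email)
    body, signs = msg.get_payload(), []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not within(sender_domain, official_domain):
        signs.append("sender-domain")
    # "dear customer" is the article's example; the other greetings are assumed.
    if re.search(r"\bdear (customer|user|client)\b", body, re.I):
        signs.append("generic-greeting")
    if re.search(r"\byour company\b", body, re.I) and company.lower() not in body.lower():
        signs.append("company-not-named")
    parser = Hrefs()
    parser.feed(body)
    for host in map(host_of, parser.found):
        if host and not within(host, official_domain):
            signs.append("link-off-domain:" + host)
    return signs

# Constructed sample; every name and domain below is made up for illustration.
SAMPLE = """\
From: Example Bank Security <alerts@examp1e-bank.test>

<p>Dear customer, we saw an unauthorized login attempt at your company.</p>
<a href="http://example-bank.test.account-verify.test/reset">Change password</a>
"""
```

Calling `phishing_signs(SAMPLE, "Acme Ltd", "example-bank.test")` reports all four signs. The link is caught even though its hostname begins with the official domain, because the comparison is on the domain suffix rather than a substring.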
Once you start to enact a set of rules to follow, it is surprising how quickly it becomes second nature, and how easily scam emails and phishing attacks start to stand out from the genuine correspondence you receive on a daily basis.
In a world where we, as human beings (and the weakest link in the security chain), will be targeted for the foreseeable future, making sure that everyone in a company has some training to spot phishing attacks will make all the difference in how vulnerable you and your company look to the ‘bad guys’.
With companies as large as Marriott being targeted, there really isn’t any business out there that is totally immune to the threat.
If your business is online, then you are vulnerable, and if you are susceptible to attacks, you are likely to be targeted more.
Make sure you and your team are a difficult target.
As the old saying goes, “knowledge is power”, and that is never truer than when dealing with phishing attacks.