Everything you need to know about phishing
Phishing is a hot topic, now more than ever before. We cannot deny it: it’s everywhere, on the news and on the internet. Everyone’s talking about the fraudulent practices and the many victims. But what is phishing exactly, and, more importantly, how do you prevent a successful attack? Let us guide you through it.
What is “phishing”?
Phishing is a criminal activity whereby someone contacts you pretending to be someone else (for example: a bank clerk, an employee at Google, etc.). They usually abuse personal relationships and trust to convince the victim to open an attachment, to install suspicious software or to share personal data. The attackers mostly aim for address and banking information, which gives them access to bank accounts from which they can withdraw huge amounts of money.
Spear phishing? Whaling? What’s in a name?
While “regular” phishing mails are usually sent out to as many people as possible, in the hope that someone will fall for it, spear phishing is far more targeted. It works the same way, but is focused on a specific target audience, for example all employees of a company, or even a single department. To increase the chance of success, the attacker prepares thoroughly by collecting all relevant information about that target audience. This persistent form of phishing generally consists of multiple attacks, continued until the goal is reached.
Whaling is a form of spear phishing whereby the attacker aims for the employees on higher levels, like managers, directors and chief officers. These attacks potentially have a huge impact on the company when executed successfully.
According to Verizon’s 2020 Data Breach Investigations Report, phishing is still the number one source of data breaches, responsible for up to 22% of all data leaks.
So how do you protect yourself, your company and your colleagues? The first step is to recognize a phishing email.
How do you recognize a phishing email?
Nowadays, phishing emails look very realistic and believable. Luckily, there are a few things you could look out for.
One of those things is a sender email address that differs slightly from the real one. Those differences are small: think of capital versus small letters, one letter too many, a missing letter, a different domain name, etc. The difference is often in the details. Stay alert!
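The sender-address checks described above (look-alike capital and small letters, one letter too many or too few, a different domain) can be automated for a mail allow-list. The example below is added here and is not spotit’s code or tooling; the trusted domains and the sample From: headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list for this example; replace with your organisation's own domains.
TRUSTED_DOMAINS = {"example-bank.com", "example.com"}


def fold_confusables(s: str) -> str:
    """Collapse characters that look alike in many fonts (capital I or digit 1 for l,
    digit 0 for o, 'rn' for m, 'vv' for w). Folding happens before lower-casing so a
    capital I used to imitate a small l is still caught."""
    return (s.replace("I", "l").replace("1", "l").replace("0", "o")
             .replace("rn", "m").replace("vv", "w").lower())


def levenshtein(a: str, b: str) -> int:
    """Edit distance: one inserted, missing or substituted letter costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted' when the sender domain is on the allow-list, 'lookalike' when it
    is at most one letter away or differs only by look-alike characters, else 'unknown'."""
    _, addr = parseaddr(from_header)      # strips the display name, keeps the address
    if "@" not in addr:
        return "unknown"
    raw_domain = addr.rsplit("@", 1)[1]
    domain = raw_domain.lower()           # DNS names are case-insensitive
    if domain in trusted:
        return "trusted"
    folded = fold_confusables(raw_domain)
    for good in trusted:
        if folded == fold_confusables(good) or levenshtein(domain, good) <= 1:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample From: headers, one per trick mentioned in the text.
    for header in ["Example Bank <alerts@example-bank.com>", "alerts@Example-Bank.com",
                   "alerts@exampIe-bank.com", "alerts@examp1e-bank.com",
                   "alerts@example-bankk.com", "alerts@exmple-bank.com",
                   "alerts@totally-different.org"]:
        print(f"{header!r:45} -> {classify_sender(header)}")
```

A "lookalike" verdict is a reason to verify through the organisation’s published contact details before acting on the mail, not proof of fraud by itself.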
How to prevent phishing?
- Think before you click
Never click on a URL in an unexpected email or on an unfamiliar web page. Hover your mouse over the URL without clicking: this way you can see where the link really leads and judge its credibility. Always double-check the sender’s mail address and keep in mind the small spelling differences they could use to trick you.
- Use a password manager
Change your passwords frequently and use a password manager tool to save all your passwords securely. Definitely do this for your most important accounts!
- Enable multi-factor authentication
Thanks to multi-factor authentication (MFA) your personal data stays protected, even in the case of a breach, because you always have to prove your identity in more than one way. MFA will also detect a suspicious log-in attempt and warn you, so you can react in time by changing your passwords.
- Use a combination of network and endpoint security
It’s always smart to use two types of firewalls: a network firewall and one on your device. If they work together well, the chances of a successful hack drop significantly, because the attacker has to break through both.
- Never share personal information
This may be the most important tip: never share your personal data. When in doubt, always investigate, or contact the organization via the contact information you can find on their website.
How can spotit help?
We offer a lot of preventive services. We can provide your teams with a security awareness training, or we can go a step further and raise their awareness of potential threats through hands-on courses and social engineering simulations.
Users can send suspicious emails to our AMIPhished tool to let our spotit SOC team analyze and verify the credibility.