Gone Phishing: What are Phishing Attacks?
Posted on 11/21/2017 at 12:00 AM
Phishing may sound fun, but in the case of phishing with a “ph,” it is not as fun as one might think. There are no fish in phishing, just bait. Read on to learn how to recognize the bait and what other steps you can take to keep yourself or your company from falling victim to a phishing attack.
What does phishing mean?
The concept behind phishing is actually similar to that of real fishing, except in the case of phishing, you are the metaphorical fish. A bad actor lures users into unknowingly divulging personal information by baiting them with an email that looks incredibly real. These emails can look like they come from a co-worker or even the CEO, and they try to get users to click a link, open a file, reply with login credentials, or reply with confidential information.
A recent study by Google “found that phishing posed the greatest threat, followed by keyloggers, and finally third-party breaches.”
How do phishers phish?
There are many ways a group or person could try to phish, all with the same goals as previously mentioned. Some of those include:
- Spear-Phishing – in which phishers use personal information based on research to make emails look real
- CEO Fraud – in which phishers use email addresses that look similar to that of your CEO (or another high-level executive)
- Pharming – in which phishers attempt to redirect users to a domain that looks similar to one they know
- Cloud Phishing – in which phishers try to get users to download a file from or log in to a cloud service
There are many other ways to be phished and new ways are always evolving.
How can you protect yourself and your company?
Be Skeptical:
Setting common practices for information shared over email and for clicking links and opening files is a must. Knowing that your company (or that most external companies) would never ask you to give passwords or other sensitive information over email helps users stay skeptical of these types of attacks.
Be Critical:
Inspect links and files BEFORE opening them. Ask questions! If you receive an “urgent” message from a high-level executive asking for odd information, verify with them (preferably in a different channel of communication).
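The inspection described above can be partly automated. The following is an added example, not part of the original post: it flags a sender or link domain that closely resembles a trusted one (the CEO Fraud and Pharming patterns) and a link whose visible text names a different host than it points to. The trusted domain example.com, the sample message, and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"example.com"}  # assumption: domains your organization really uses
# Simple anchor matcher, enough for a demo; real mail needs a full HTML parser.
LINK = re.compile(r'<a\b[^>]*\bhref="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(host):
    """Return the trusted domain that host imitates, or None."""
    base = ".".join(host.lower().split(".")[-2:])  # crude registrable domain
    if base in TRUSTED:
        return None
    return next((t for t in sorted(TRUSTED) if edit_distance(base, t) <= 2), None)

def inspect(raw):
    """Return a list of warnings for one raw email message."""
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if hit := lookalike(sender):
        findings.append(f"sender domain {sender} resembles {hit}")
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    for href, text in LINK.findall(body):
        host = urlparse(href).hostname or ""
        if hit := lookalike(host):
            findings.append(f"link host {host} resembles {hit}")
        shown = re.fullmatch(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:/\S*)?", text.strip())
        if shown and shown.group(1).lower() != host:
            findings.append(f"link text shows {shown.group(1)} but points to {host}")
    return findings

SAMPLE = """From: "Jane Doe, CEO" <jane.doe@examp1e.com>
Subject: Urgent: confirm your login
Content-Type: text/html

<a href="https://login.examp1e.com/reset">https://example.com/reset</a>
"""  # constructed message; examp1e.com uses the digit 1 in place of the letter l
```

Calling inspect(SAMPLE) returns three warnings: one for the sender domain, one for the link host, and one for the mismatch between the link text and its target.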
Be Informed:
Frequently informing yourself, your peers, and your employees about the common (and new) practices of phishers, the potential effects of phishing, and ways to be skeptical and critical of emails should ensure a level of security.
Have a Plan:
Finally, having a failsafe for the worst-case scenario is always a good idea. Forbes outlines steps to take in their article “What To Do When You've Been Phished.” Some of their steps include quarantining the affected computer, changing passwords, running anti-virus software, and restoring backups.
Global Reach does take steps to protect our email users by using EdgeWave, a service that provides anti-spam, virus blocking, and malware blocking, which you can read more about on our Email Support page on the topic. If you have more questions about how Global Reach protects our email users or to start using our service, contact us today!