Phishing has been a cybersecurity concern for internet users since the mid-1990s. Since the first, less effective attempts, it has evolved into massive, sophisticated campaigns orchestrated by hackers.
What is phishing?
Phishing is a malicious attempt by cyber criminals to lure consumers into giving up personal information, such as birthdays and sensitive bank details, through disguised emails or messages.
Today’s sophisticated attackers create emails that look identical to those of official banking institutions. Unsuspecting victims usually click and proceed to enter sensitive personal details on malicious websites.
After the attackers obtain your sensitive information, they use it to make fraudulent transactions in your name, including charges on your credit card, unauthorized wire transfers, identity theft and a lot more.
What do attackers target?
The main goal for attackers when carrying out a phishing attack is to steal sensitive information from internet consumers, such as:
- Passwords
- Bank login details
- Credit and debit card details
- Social Security numbers
- Medical data
- Sensitive personal information
Phishing tactics
Phishing attempts are carried out in various ways.
- Attachments
  - Attackers can add malicious attachments that, once downloaded, install tracking software on your computer.
- Malicious links
  - They can add links to emails that look very much like the ones you will get from official institutions. These links can then lead you to a malicious website that can steal your personal information or proceed to download and install malicious software.
- Impersonation of legit institutions
  - Through email cloaking, attackers can make you think the email you received is from a legitimate source. The thing to watch out for here is the links these types of emails usually contain.
What type of phishing attacks are there?
As mentioned at the beginning of the article, phishing attacks are becoming more and more sophisticated. This means that other types of cyberattacks have been developed by hackers in an attempt to trick you into providing them with your valuable information. Some of these include:
- Spear phishing
  - This type of phishing consists of personalized, direct attacks on a very specific group of people. These victims are usually customers of banking institutions. Usually, hackers can somehow obtain lists of customer emails and contact info from these institutions and target them.
- Whaling
  - This type of phishing campaign targets high-profile personnel in companies, such as CEOs and board members. Attackers often go for the “big guns” in organizations and try to scam them into providing personal or sensitive company details.
- Clone phishing
  - Attackers make very convincing “cloned” emails with malicious links or attachments. These types of emails make you believe they come from legit institutions that you often deal with.
- Vishing
  - Attackers try to scam victims through phone calls or voicemails. They often start off by addressing you by name and ask open-ended questions to try and lure you into giving up very sensitive information.
- Smishing
  - Attackers use text messages in an attempt to trick victims into texting back sensitive information.
How does Phishing affect Cybersecurity and your Business?
According to a data breach study conducted by IBM, the average cost of a massive data breach is roughly 3.9 million dollars. This average cost could be significantly higher or lower depending on the size of your organization.
Your company email is under constant attack. Falling victim to a phishing attack can jeopardize your entire company’s sensitive information. Besides losing your own and your clients’ personal information, you may also have to deal with:
- Loss of data
- Complete loss of your accounts
- Ransomware infections
- Malware infections
What to do if you suspect a phishing attack?
If you suspect that you have received an email attempting to lure you into providing sensitive information, the first line of defense is to NOT open the email at all and to delete it immediately. Since attackers are often developing new ways to steal your sensitive information, it’s very likely that your information can be compromised just by opening the email.
If you do happen to open a suspicious email and realize it might be a phishing attempt, it is very important not to download any attachments and not to click on any links.
You should never reply to these types of attempts either. Last but not least, report the email as a phishing attempt or spam to your email service provider.
If you think you’ve been a victim of phishing, the best course of action is to first report it to the Federal Trade Commission and then to your financial institution.