What Is Phishing
Cybersecurity attacks are a major threat to organizations. According to the National Cybersecurity Alliance sixty percent of small to medium businesses that fall victim to a cyberattack, go out of business within six months.
One common cyber-attack method is called Phishing. Phishing is a socially engineered scheme that attempts to trick a user into sending revealing information that can be used for fraudulent purposes.
These attempts can look very convincing even up to the point of copying a brand’s logo, theme, and colors. Often there will be a message in these emails that requires “urgent action”
A potential phishing scam could say something like this: “Your tax return at HR block has been rejected click here to fix this now” Or ” use this link to update your return now.” Once you have clicked the link in that message the criminals behind that attempt are able to gain access to what they want.
To help our clients spot real phishing attempts, we randomly send them fake phishing emails that we have created to trick them. Recently we sent one of these fake phishing attempts and the number of people who fell for it went up from our usual average.
Reasons Why Phishing Attempts Are More Likely Right Now
Phishing attempts rely on humans to make a mistake that allows the bad actor to gain the information or access they are looking for. This means that these messages will often relate to things that are currently going on or things that are easily exploitable.
Below are a few examples of things that the people behind these types of attacks might use in a phishing attempt.
- Student Loan Forgiveness
- Taxes
- Mortgages
- Holidays
- Financial Information and Requests
- Fake Invoices
- Social Media
Tips for protecting yourself
Although phishing attempts can be cleverly designed there are ways to spot them. One of the tell-tale signs of a phishing attempt is a sense of urgency. For example: “Your bank account password is about to expire change it now to avoid getting locked out”
If you are concerned that a request is not legitimate verify requests for sensitive information. Call your bank and ask them if they sent you an email asking you to change your password.
Attackers will pretend to be someone you trust. If you get an email from your “boss” requesting you send them over the client file you are working on immediately, that could be a red flag. If you are suspicious do not click on any links, open any attachments, or reply to the sender.
One of the best things you can do to prevent yourself from becoming the next victim is to educate yourself!
Learn more about our security awareness training plans where you can learn more about how to protect yourself from cyberthreats like phishing and more! In addition to doing training on how to spot a phishing attempt, having the right cybersecurity countermeasures will help mitigate cyber breaches if they occur. Learn more about our commonsense cybersecurity services here.
Contact us today to learn more about how we can help secure your business today!
