How to Protect Your Business From Phishing Attacks
Phishing is an online attack that targets users for personal information, such as their bank details or credit card numbers. These attacks often involve phishing emails or SMS messages that direct victims to click on links that send them to fake websites where they’re asked to enter their sensitive information.
There are different types of phishing, with some targeting specific companies and others using a more personalised approach. Examples include whaling (often targeting CEOs, CFOs or other high-level executives), pharming and search engine phishing.
Whaling – This is an advanced type of phishing which targets executives and tries to get them to authorize payments or update their information. It can be quite effective and has been used to scam people out of money, or to blackmail them into handing over confidential data.
Pharming – This is a more common phishing tactic and involves a malicious web link that aims to lure users into logging into a fake website with their personal credentials. The site could then download malware onto the victim’s computer, or it might harvest their sensitive information.
Unusual Sender – A message that arrives unexpectedly from someone you know, or even from someone you don’t know, can be a red flag that the email is a phishing attack. Typically, these requests ask you to do something unusual or sound out of character for the person sending them.
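One way a mail filter could check the unusual-sender red flag automatically, shown as an added example that is not part of the original article. The address book, the flag names and the sample messages are constructed for illustration, and the Reply-To comparison goes one step beyond the text above.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> addresses that person normally uses.
KNOWN_CONTACTS = {
    "alice chen": {"alice.chen@example.com"},
    "bob ortiz": {"bob.ortiz@example.com"},
}

def sender_flags(raw_message, known=KNOWN_CONTACTS):
    """Return the reasons why the sender of raw_message looks unusual."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    name, addr = " ".join(name.lower().split()), addr.lower()
    flags = []
    all_known = set().union(*known.values())
    if name in known and addr not in known[name]:
        # Familiar display name, but an address this contact has never used.
        flags.append("known-name-new-address")
    elif addr not in all_known:
        # Nobody in the address book has written from this address before.
        flags.append("first-time-sender")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    reply_to = reply_to.lower()
    if reply_to and reply_to.rpartition("@")[2] != addr.rpartition("@")[2]:
        # Replies would be sent to a different domain than the visible sender.
        flags.append("reply-to-domain-differs")
    return flags

# Constructed sample messages (reserved example domains only).
SAMPLES = {
    "normal": "From: Alice Chen <alice.chen@example.com>\n"
              "Subject: Minutes\n\nAttached.\n",
    "lookalike": "From: Alice Chen <alice.chen@example.net>\n"
                 "Reply-To: accounts@example.org\n"
                 "Subject: Urgent payment\n\nPlease pay today.\n",
    "stranger": "From: Sam <sam@example.org>\nSubject: Hello\n\nHi.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, sender_flags(raw))
```

A flag here is a prompt for a closer look or a warning banner, not proof of phishing, since known contacts do change addresses.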
For your defences to be really effective, a combination of technological, process and people-based measures must be in place. For example, if you have a security system that reports suspicious emails or texts, then this needs to be coupled with a way of tracking and responding to these reports.