Phishing – A Common Form of Cybercrime
Phishing is a common form of cybercrime that targets individuals and businesses. Attackers use phishing to steal valuable information from employees and customers including passwords, credit card details, and confidential records. Phishing is a major component in many types of cyberattacks from credential theft to ransomware. Most data breaches that result in the loss of sensitive information are initiated with phishing attacks.
Phishing attacks often take the form of emails containing links that lead to fake websites or attachments that carry malware. The attackers behind these phishing attacks seek to gain access to an organisation’s network and systems by tricking employees into clicking on a link or opening an attachment.
These attacks can be simple and aimed at a large group of people, or sophisticated and targeted at a specific individual or business. The latter are known as spear phishing attacks. Spear phishers research their target and will have a good understanding of the company or organisation they claim to represent. This research may draw on information found on the internet (such as details of a person’s children, their school and events taking place) or information stolen from other sources such as a social media website.
Educating your workforce on how to recognise a phishing email should be part of your cyber security strategy. Make sure staff understand the importance of not clicking on any links in suspicious emails and that they should always hover over a link to reveal a popup with the actual destination URL before they click. Encourage them to be vigilant and offer a supportive process for reporting suspicious emails they have identified or opened.