What is Phishing and How Can it Be Prevented?
Phishing is a form of social engineering designed to trick victims into handing over personal information. Often this includes sensitive data like usernames and passwords, which are then used to breach a system or account. Attackers use fear to push targets into responding without thinking, for example with warnings that their bank account or credit card will be suspended unless they take action immediately.
Despite the high level of security in modern operating systems, phishing is still a common attacker tactic. This is because phishers aren’t looking to exploit a technical vulnerability; they are trying to manipulate human beings by making the target feel pressured to act. Ultimately, the weakest link in any security system isn’t a bug buried in computer code; it’s the human who ignores good judgement and doesn’t double-check where a link came from.
In the early 2000s, phishing attacks became more sophisticated. For example, attackers posed as PayPal and eBay, asking users to sign in with their credentials. This information was sent directly to the attacker, who used it for criminal activity such as stealing identities, stealing money or goods from victims’ accounts, or selling their details on the black market.
To help employees recognise phishing attempts, companies can implement and communicate best practices. These might include checking that emails are sent from an official address, checking all attachments before opening them and encouraging colleagues to report any suspicious messages. It’s also important to make sure passwords are changed regularly, which helps limit an attacker’s window of opportunity if they do gain access to a system.
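
The sender-address check and the urgency lure described above can be turned into a simple triage heuristic for reported mail. This is an added example, not part of the original article. The `OFFICIAL_DOMAINS` map, the `URGENCY_CUES` list and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organisation maintains this map of brand -> official sending domains.
OFFICIAL_DOMAINS = {"paypal": {"paypal.com"}, "ebay": {"ebay.com"}}
URGENCY_CUES = ("suspended", "immediately", "unless you", "within 24 hours")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def is_official(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def phishing_indicators(raw_email):
    """Return a list of reasons this message deserves a second look."""
    msg = message_from_string(raw_email)
    display, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    reasons = []
    for brand, allowed in OFFICIAL_DOMAINS.items():
        # An official-sounding display name on a non-official domain is the key signal.
        if brand in display.lower() and not is_official(from_domain, allowed):
            reasons.append(f"display name claims {brand} but domain is {from_domain}")
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        reasons.append(f"Reply-To domain {reply_domain} differs from From domain")
    payload = msg.get_payload()
    body = payload.lower() if isinstance(payload, str) else ""
    hits = [cue for cue in URGENCY_CUES if cue in body]
    if hits:
        reasons.append("urgency wording: " + ", ".join(hits))
    return reasons

# Constructed sample messages (not real mail).
SUSPICIOUS = """From: "PayPal Support" <service@paypa1-secure.example>
Reply-To: billing@collect.example
Subject: Account notice

Your account will be suspended unless you sign in immediately.
"""
LEGITIMATE = """From: "PayPal" <service@paypal.com>
Subject: Receipt

Thanks for your payment.
"""
```

A clean result from this check does not prove a message is genuine, because the `From` header itself can be forged; it only catches the mismatch between an official-sounding name and a non-official address.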