Published February 8, 2023
Read Time Mins
Phishing is a type of cyber attack where cybercriminals impersonate legitimate organisations, often through email, to deceive individuals into providing sensitive data, such as usernames, passwords, and credit card numbers. The goal of phishing is usually to gain unauthorised access to systems or to commit financial fraud.
Key characteristics include:
“These schemes cunningly use compelling visuals and persuasive narratives that can make you second guess your instincts,” begins Paul. “Therefore, you can never underestimate the importance of vigilance when it comes to divulging sensitive information”.
Whilst it may feel like some time ago, the Covid-19 pandemic is a good example. An APGW report laid bare the stark reality of escalating phishing threats in Q1 of 2020 which witnessed a staggering peak in phishing activity, unmatched since March 2016. The ominous count? Over 60,000 phishing sites were discovered in March that year alone. Add to that, ProPrivacy’s revelation that a significant 25% of COVID-related websites were marked as suspicious, pointing towards increasingly targeted and realistic phishing scams.
Hence, staying informed about the variety of phishing techniques is key to keeping your guard up, emphasises Mark: “Spear phishing, for instance, is a highly personalised social engineering attack where the cyber villain assumes the persona of a trusted authority. Whaling or CEO fraud, on the other hand, zooms in on high-ranking personnel, with the hacker masquerading as a top-tier company executive.”
“Begin by scrutinising any suspicious emails or text messages”, says Paul – particularly those seeking payment information. “Warning signals might include messages about unexpected account activity, issues with your credit card, or too-good-to-be-true discount codes”
The rule of thumb here? Pause, ponder, then proceed.
Mark adds, “Leverage the benefits of two-factor authentication, which places an additional hurdle in the hacker’s path, disrupting their access to your complete login process”. A password manager can further bolster your defence, keeping your passwords and other critical data shielded.
“Creating a cyber-aware workforce is a key deterrent against phishing attacks,” Mark continues. “Ensure your team stays ahead of the curve with the latest malware and security advancements. Encourage them to scrutinise URLs to verify their legitimacy and to be alert to the HTTPS (secure) versus HTTP (non-secure) distinction in web addresses.”
“Staying informed and proactive is your strongest defence“.
Paul Hague
Equip yourself with a leading-edge cyber-defence solution that evolves with emerging threats and industry trends. To understand how to fortify your business against phishing threats and boost your cybersecurity game, talk to us about how we can protect your business from phishing scandals and increase your cyber-security.