Phishing occurs when a criminal disguises malicious content as a message from a trusted source in order to lure victims into providing sensitive information. This could be usernames, passwords, credit card or bank details, which the criminal then uses as a bargaining tool or sells for their own gain. The sender deceives the victim by making the message appear to come from a trustworthy source, such as a customer, supplier, employee, manager or even a government department.
A phishing email typically contains a link designed to redirect you to a site the criminal operates. The site often looks very similar to a trustworthy website, but it is used to steal your data. Because you believe it to be a reputable source, you fill in your details without considering that they could be used maliciously.
Common Phishing scams
Distributing malware is an extremely easy task for cyber criminals and is commonly done through phishing. Simply clicking a malicious link in a phishing email can result in a whole network being compromised.
Criminals trick victims with spoofed emails that appear to come from a trusted authority, such as the company CEO. This technique is more targeted and addresses the victim directly, asking for payments that are needed ‘urgently’.
If a phishing attack is successful, your business risks financial loss as well as a damaged reputation with potential customers, suppliers and clients. Because the consequences can be severe, it is important that your business is proactive with its cyber security measures so that these attacks are avoided as much as possible.
Real-life example:
A recent test by ‘ethical hackers’ working for Jisc (originally known as the Joint Information Systems Committee) had a 100% success rate in obtaining sensitive data from 50 universities around the UK. One of the most effective approaches these ‘hackers’ used was “spear phishing”. Emails were sent out which appeared to be from a trusted source but were instead used to obtain sensitive information about both staff and students.
Although the attack was not real, if staff had been trained on the characteristics of phishing emails, it is more likely they would have been able to spot the difference and avoid the ‘breach’ altogether.
Why it’s important to train your staff …
Recent government statistics suggest phishing attacks are the most common type of cyber breach within businesses in the UK, responsible for 80% of cyber attacks on businesses in the past year.
Your organisation’s cyber security can’t block 100% of phishing attacks. So what happens when you receive a phishing email? How can you tell the difference between one that contains malicious content and one that doesn’t? As with most cyber attacks, it is important to understand that your employees are your second line of defence.
You could have the most up-to-date technology in place for your cyber security, but if your employees aren’t clued up, they could unintentionally click on a link that could take your whole organisation down for days. And because phishing attacks depend on human intervention to work (i.e. someone clicking a link, providing details, etc.), training your staff is more essential than ever before to stop fraudulent emails becoming a problem.
Cybsafe can help
Cybsafe is the only organisation in the world to provide you with intelligent security training that evidently reduces your human cyber risk. When it comes to training your employees on phishing, Cybsafe take an intelligent approach, one that creates long-term habits.
At the moment, traditional phishing training is still failing to change the way employees react to potential phishing breaches. Cybsafe instead focus on specific human traits that may make individuals more susceptible to a phishing attack. This has been proven to give a more effective outcome when it comes to training your staff.