The Latest Phishing Trend
Phishing attacks are among the most common issues that companies need to deal with. Especially if your organization does not have a firewall setup to filter out potentially harmful content and emails, phishing schemes are one of the most common types of attacks used today. In fact, Check Point Research reported that 82% of companies were a target for these attacks in 2018. This is a field that attackers continue to develop and, according to Verizon,
the biggest markets that are targeted are public, information and financial services.
What Is A Phishing Attack?
A phishing attack is when you receive an email that may appear or claims to be from someone it is not. Often times, this comes in the form of an email claiming to be from a large company that most people use like Netflix, Amazon, Microsoft or Google. These will take you to a site that looks like the site it claims to be, but once a user attempts to login, the page shows an error message and the attacker now has your login information. Phishing attacks are not only used to steal your credentials but are also used to get you to install malware on your device by tricking you into clicking a link or taking you to an infected website – and as always stay clear of any attachments you may find no matter how innocent they look.
Sometimes these attacks are targeted, which means the attackers gather a bit of information on you or something you do. When someone like Visa suffers a data breach, these attackers could then come away with information like your name and address as well as know that you use a Visa. This allows them to send an email that looks like it is from Visa and that includes your name and address knowing that you have a Visa account and won't immediately dismiss the email.
If they are able to get the login information to someone in your organization, they can begin to send out messages to the rest of the organization pretending to be this person and cause all types of damage to the organization and not just the person.
How Do I Prevent This
In today's digital world, phishing attacks are something that simply cannot be totally prevented. That being said, having a UTM or even a managed firewall can help to drastically reduce the amount of attacks that users come across. The rest comes down to good user practices.
No system is infallible and there will almost certainly be some that get through, so keeping your users up to date and educated on this is a big deal and perhaps the greatest defense against phishing attacks. If anything seems amiss, be sure to check the email address that the message is coming from. Even those email addresses can be "spoofed" into looking like a legitimate email. If the email address looks ok and you click on the email, always be sure to check the URL address before doing anything else on the site.