Did you know that 91% of all cyber-attacks begin with a phishing email?

Phishing is a huge problem in the world of cyber security today. To reach the level of protection a business needs, your workforce must know how to avoid being caught on the hook of a phishing attack.

National Cyber Security Awareness Month rolls on, and today we are going to cover how to truly be prepared for a phishing attack. First, though, it’s best to be familiar with the many kinds of phishing attacks that are out there waiting to catch a user off-guard.

What is phishing?

This is from the official FTC page about phishing attacks.

Phishing is a type of malicious online attack often used to steal user data, including login credentials or credit card information.

Phishing attacks occur most often in emails where the intruder pretends to be a trustworthy source, such as a bank, a colleague, or even an administrator. They often contain a shady link in the message for you to "verify your account" or contain an attachment to download. If the recipient takes the bait, it could lead to the installation of malware, such as ransomware, which can restrict the use of the computer or lock access to important files until a ransom is paid.

Some of the most well-known types of phishing are:

  • Deceptive Phishing. An email scam disguised as a message from a legitimate source, such as a bank or a vendor, in order to trick the victim into providing their private information. These mostly involve a hidden suspicious link that prompts you to enter your credentials on a bogus website, or a malicious attachment that installs malware on your computer when downloaded.
  • Spear-phishing. A phishing attack aimed at an individual instead of a wide group, typically referring to you by name. Attackers research the background of the target and craft the phish specifically for the victim to make it look more authentic.
  • Clone phishing. A fake email message that is a near-replica of a legitimate, previously sent email from a trusted sender that often includes phrases like “re-sending” or “updated,” along with a bogus attachment in place of the original.
  • Vishing. An attack involving a fake direct phone message that claims to be from a trusted source and prompts the victim to enter sensitive information, such as bank accounts or PIN numbers, to “verify their account.”
  • BEC Scams. Business Email Compromise (BEC) scams involve an attack aimed directly at the CEO or financial officer of a company, attempting to trick them into approving money transfers into unauthorized accounts.

This is an example of a phishing email masquerading as a Microsoft Office alert. Notice that the email sender is not from a Microsoft domain and that there are grammatical errors throughout the entire message.

How do you protect yourself against phishing attacks?

Here are three solid actions you need to take to keep your business safe from phishing attacks:

  1. Train your employees on how to be vigilant. A phishing attack may be difficult to spot at times, but with the right amount of insight and company training, your workers can be aware of the typical warning signs. Generic greetings, spelling errors, questionable links, and threatening tones are all signs that you could be the target of a phish. We here at neoRhino have Security Awareness Training sessions that assist businesses in raising their cyber-awareness.
  2. Ensure your IT solution has a solid spam filter and anti-virus program implemented on your workstations. If someone were to take the bait of a phish, having up-to-date spam filters and anti-virus programs installed is necessary to help guard your business from being infected. AV programs are not foolproof by any means but help decrease the likelihood of being attacked.
  3. Have maintained data backups. Having backups of your company data is incredibly important for your business in any case, but even more so if you happen to be involved in a phishing attack. Should someone click a bad link and get caught with ransomware, you can roll back to a previous state from a backup.
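The warning signs described above (a sender outside the claimed brand's domain, a generic greeting, a threatening tone, a link that does not go where it says) can also be checked by a mail filter. The Python below is an added example, not neoRhino's tooling or part of the original post; the brand allowlist, phrase lists and sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlist: brand name -> domains it legitimately sends from.
BRAND_DOMAINS = {"microsoft": {"microsoft.com", "office.com"}}
GENERIC_GREETINGS = re.compile(r"^\s*dear (customer|user|account holder)\b", re.I | re.M)
THREATS = re.compile(r"\b(suspended|terminated|within 24 hours|immediately|final notice)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def registered_domain(host):
    # Simplification: last two labels; a real filter would use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_signs(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = registered_domain(addr.rpartition("@")[2])
    body = msg.get_payload()  # single-part text message assumed
    signs = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower() and sender not in domains:
            signs.append(f"sender-domain-mismatch:{sender}")
    if GENERIC_GREETINGS.search(body):
        signs.append("generic-greeting")
    if THREATS.search(body):
        signs.append("threatening-tone")
    for href, text in LINK.findall(body):
        target = registered_domain(urlparse(href).hostname or "")
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text, re.I)
        if shown and registered_domain(shown.group(0)) != target:
            signs.append(f"link-text-mismatch:{target}")
    return signs

# Constructed sample message (example.net / example.org are reserved test domains).
SAMPLE = """\
From: "Microsoft Office Alert" <support@office-alerts.example.net>
To: user@example.org
Subject: Action required

Dear customer,
Your account will be suspended within 24 hours unless you verify your account.
<a href="http://login.example.net/verify">https://www.office.com/verify</a>
"""

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE):
        print(sign)
```

Heuristics like these flag messages for review; they complement, and do not replace, the training, filtering and backup steps listed above.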

It’s astounding just how rapidly phishing has become a widespread threat to our cybersecurity. Knowing how to watch for the signs and protect yourself is one of the best steps to #BeCyberSmart.

neoRhino’s Security Awareness Team, certified IT consultants, and 24/7 helpdesk squad are here to help strengthen your online defenses. You can visit our homepage, see more about The War on CyberSecurity, or give us a call at (281) 779-4850, and we can manage your technology so you can manage your business.
