Phishing affects more individuals and businesses than you might think. And despite the funny name, phishing attacks can do serious damage. One report from 2018 showed that 76 percent of businesses had been attacked by phishing schemes (Wombat Security State of the Phish report, 2018). Even more concerning was the estimated cost to a mid-sized company: A single phishing attack could create $1.6 million in damages (Enterprise Phishing Resiliency and Defense Report, by PhishMe, 2017).
The main problem with phishing is that many people still don’t know what it looks like. Most phishing attacks fall into one of the following three categories; learn them, and you can probably spot a phishing scheme if it happens to you.
Fake emails. In this type of phishing attack, a hacker simply sends out emails that appear to be legitimate. They’ve become incredibly skilled at faking the logos and even emails of legitimate businesses, such as banks, and then crafting messages that tempt you to click a link. From there, your login credentials are captured, and the scammers can use your username and password to access your real account.
Spear phishing. This is just regular phishing, but with extra steps to target an individual. You might receive an email or even a social media message specifically addressed to you. It might even reference personal information that you’ve revealed somewhere online (such as social media). So you think it’s a real communication from a legit business… And then you fall for the scam.
Whaling. Whaling is just like spear phishing, but they go after the “big fish” such as the top managers or CEOs of a company. It certainly makes sense from the hacker’s point of view. Why not go after someone who holds a lot of influence and who has access to important accounts?
Regardless of the type of attack, all phishing schemes have one thing in common: You’re tricked into clicking a bogus link and giving away important information. This underscores the importance of never following links in emails, but opening a new browser window instead. And of course, your employees must know to do this too.
For more information on keeping your company safe, call us at 888-RING-MY-TECH. We can help you prevent phishing and all other types of cyber attacks, through everything from employee education to a secure network.