According to one report*, released in 2018, 76 percent of businesses fell victim to phishing attacks in the previous year. And with the average cost of a phishing scheme estimated at $1.6 million for a mid-sized company**, these attacks should certainly be taken seriously.
The problem is, many business owners and employees aren’t really sure what a phishing attack looks like, or how to prevent an attempt from succeeding. That’s why we wanted to review some of the most common phishing scams, and teach you how to spot them.
Deceptive phishing. These phishing attempts mimic real companies, such as PayPal, your bank, a credit card company, and so on. These fake emails look convincingly real, and will often warn you of a “problem” with your account or an order. Then, after urging you to click a link, the email directs you to a fake login page. You enter your account credentials, and now the phishing scammer has your login information for that company.
Luckily, these situations are relatively easy to prevent. Never click links in emails that direct you to a login page. Instead, open a new tab in your browser, proceed to the known and trusted website, and log in to check your account.
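For readers who filter or triage mail, the same rule can be checked automatically. The sketch below is an added example, not part of the original article: it lists every link in an HTML email whose real destination is outside the domains you trust, even when the visible text shows a familiar address. The trusted domain bank.example, the sample email and all function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = {"bank.example"}  # assumption: the domains you really do business with
DOMAIN_TEXT = re.compile(r"^(?:https?://)?([\w.-]+\.[a-z]{2,})(?:[/:?#]\S*)?$", re.I)
# Constructed sample email body (reserved .example/.test names, documentation IP).
SAMPLE = """<p>There is a problem with your account. Please log in.</p>
<a href="https://bank.example.account-verify.test/login">https://www.bank.example/login</a>
<a href="https://bank.example@203.0.113.7/signin">Verify now</a>
<a href="https://www.bank.example/help">Help centre</a>"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):
    # Exact or subdomain match only, so "bank.example.evil.test" does not pass.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def suspicious_links(html):
    """Return (host, reason) for each web link that leaves the trusted domains."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()  # drops any "user@" decoy prefix
        if parts.scheme not in ("http", "https") or is_trusted(host):
            continue
        shown = DOMAIN_TEXT.match(text)
        claims = shown and shown.group(1).lower() != host
        reason = "link text claims " + shown.group(1) if claims else "untrusted host"
        findings.append((host, reason))
    return findings

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

A flagged link is a reason to go to the site through a new browser tab, as described above, rather than proof that the message is malicious.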
Spear phishing. Spear phishing works in a similar fashion to deceptive phishing, but these scammers are extra clever. They will often include your name or other personal information so that you’re tricked into believing the communication is genuine. These scams are common on social media sites, because you might have quite a bit of personal information posted there. The phishing attempt might even appear to come from a friend, via instant message, because their account has been hacked and all of their contacts are being targeted.
Again, avoid clicking links sent to you via messenger services or emails unless you are positive of the sender’s identity. Of course, limiting or banning social media use on your company’s network is a good idea as well.
Whaling. In this type of spear phishing attack, the top CEOs or managers of a company are targeted. The idea is to steal their login credentials, access important databases within the company, or even email employees posing as the executive.
These attacks often work because, believe it or not, top managers and CEOs are often excused from employee security training! Make sure all of your employees are trained on security protocol – even those at the top (and yourself, of course).
You might have noticed that all of the prevention tactics listed above have one thing in common: education. Educating your employees (and yourself) on phishing attacks is still the best way to prevent them. Of course, we also urge you to contact us at 888-RING-MY-TECH with any questions you might have on preventing network security attacks. Beyond employee education, we can take the appropriate steps to secure your company’s network and keep all of your important data safe.
*Wombat Security State of the Phish report, 2018
**Enterprise Phishing Resiliency and Defense Report, by PhishMe, 2017