Phishing attacks are on the rise and are becoming increasingly expensive for businesses. PhishLabs reported that the number of attacks increased by 28% in 2021 from the previous year. Today, a large number of cyber attacks start with phishing emails.
That means malicious emails should be top of mind for businesses. However, many companies still don’t fully understand the scope of the phishing problem, the potential risks, or even what phishing really is.
What counts as phishing?
Any attempt to obtain information or money using a fraudulent email is considered phishing. Phishing emails mimic the appearance of a real email from a trusted source – a person or, more often, a company like Amazon, Google or PayPal. These emails create a sense of urgency, pushing users to follow a link to a page where they enter their passwords in order to avoid an adverse event, such as the closure of their email account or the processing of a fraudulent payment, or to check an account balance.
Once they log in, their information can be stolen or their computer can be infected with malware or ransomware. In some cases, cyber criminals use the data to hack into accounts, steal money or make fraudulent purchases.
Phishing scams usually involve link manipulation, using misspelled URLs similar to legitimate ones. Often, phishers use images embedded in emails instead of text to bypass filters. More advanced approaches may involve a covert redirect that uses a login pop-up on a legitimate website.
There are a few common approaches:
- Spear phishing is an attack aimed at a specific person or company. These attacks usually involve gathering information about the target or targets in advance to make phishing emails better at manipulating potential victims.
- Clone phishing uses a legitimate and previously delivered email with an attachment or link whose content and address have been cloned. The link/attachment is replaced with a malicious site or dangerous attachment.
- Whaling attacks are aimed at senior executives or other high-profile targets. These scams usually take the form of important business or legal emails and even include fake subpoenas.
- SMS phishing, or smishing, uses cell phone text messages to skim recipients’ personal information.
Low-tech security strategies
While email filters and other security technologies can help prevent phishing emails from reaching your customers’ inboxes, the criminals behind these scams are constantly updating their techniques to avoid detection. Phishing relies heavily on psychological manipulation and end users are the weakest link.
Even simple, low-tech strategies can help protect your business and your customers from the costs and consequences of a phishing attack. Those include:
Provide end-user awareness training to help staff recognize the telltale signs of phishing – misspelled website names, oddly named attachments, etc. Additionally, employees should hover over the sender names in emails and embedded links to ensure that they match the origin account or a legitimate website.
Make sure they also know best practices, such as never logging into a website they reached through an email link.
Designated Email Addresses
If the company regularly receives legitimate emails for financial transactions, it can set up specific email addresses for those requests. Limit the exposure of these addresses on public sites, which can help reduce their target footprint when it comes to phishing.
Codenames aren’t just for spies. For example, employees or customers can agree on specific email formats or code words for correspondence to let the recipient know that the email is legitimate.
Enforce email policies
Set policies to minimize the number of sensitive transactions that take place via email. If employees know that financial authorizations should only be done in person or over the phone, it’s unlikely they’ll fall for a phishing attempt to get them to do it via email.
Phishing is a growing and constantly evolving threat, so it’s vital to stay on top of the latest threats and what steps your organization can take to mitigate these attacks.
Jason Howells, Vice President, MSP International Sales at Barracuda MSP