Phishing attacks and how to prepare for them

by Tony Richardson CISSP

Phishing is a technique used by hackers to gain access to your personal information, such as usernames and passwords.

It happens in many different forms, but the most common is through an email that looks like it’s sent from a reputable source.

The goal of this article is not only to show how phishing works, but also give you some pointers on how you can prevent it from happening so you don’t have to deal with the consequences. 

A phishing attack is a scam that uses email to trick recipients into clicking on links, opening attachments or otherwise taking an action that produces harmful results. These emails appear to come from sources the user normally trusts – banks and credit card companies, for example. They are far more than an annoyance if you are drawn too deep into the ‘trap’.

According to the UK Security Breaches Survey 2021, more than 64% of large businesses have experienced attacks in the last 12 months. 

1. Understand the risks of phishing 

Phishing is a constant threat to your business and it’s becoming increasingly sophisticated. Successful phishing attacks can cause financial loss for victims, put personal information at risk, jeopardize the systems your organisation relies upon and even land you with legal consequences like fines or worse yet – the loss of the ability to operate your business.

A phishing attack is often cleverly crafted, so it can be difficult to understand at first. But once you’ve seen one in action, the process becomes clear and those old spam emails don’t seem quite as scary anymore. You know what they say: “just because your email address isn’t on file doesn’t mean that bad things won’t happen.”

Although there are many types of attacks out there (some targeting professionals or even celebrities), all forms rely heavily upon malicious tactics – such as an adopted identity.

2. Know how to spot a phish 

There are several identifiers that can help you recognise a phishing attack straight away. Five of the more common signs are:

  • Emails sent from an unusual address or domain. You will notice that the sender name is highly personal rather than a business name, or that the message comes from a free webmail account such as “gmail”, “hotmail” or “msn”. Open the message and expand the sender details (often shown under an ‘other’ or ‘details’ section) to see the actual address used to contact you. If it’s suspicious, don’t interact with the email in any way.
  • Another giveaway is a misspelt domain. Phishers often do this deliberately, hoping you won’t notice, so that they can imitate the organisation they purport to represent.
  • Spelling and grammar mistakes beyond a reasonable amount are also suspicious. Often this indicates that the attacker is based abroad, but in any case it is a red flag that marks the message as untrustworthy.
  • Strange attachments and links are definite signs that it’s dangerous. You must not click them.
  • Urgency. If the message encourages you to take fast action, do something within a timeframe or the like, it’s probably 

A few patterns can be identified. 48% of suspicious attachments are Microsoft Office files.
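The signs above can be checked mechanically on the defender's side. The following is an added example (not code from the original article): it parses a raw email and flags the sender-domain, lookalike-domain, Office-attachment and urgency indicators described above. The trusted-domain allowlist, the urgency phrases and the sample message are constructed for this example.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed allowlist: domains this organisation legitimately receives mail from.
TRUSTED_DOMAINS = {"examplebank.com"}
FREEMAIL = {"gmail.com", "hotmail.com", "msn.com"}
OFFICE_EXT = (".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx")
# Constructed list of pressure phrases typical of the "urgency" sign.
URGENCY = re.compile(r"\b(immediately|within 24 hours|urgent|account will be (closed|suspended))\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phish_signs(raw):
    """Return a list of human-readable warning signs found in a raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    signs = []
    _name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if domain in FREEMAIL:
        signs.append(f"sender uses free webmail domain {domain}")
    if domain and domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if 0 < edit_distance(domain, trusted) <= 2:
                signs.append(f"lookalike domain {domain} (resembles {trusted})")
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(OFFICE_EXT):
            signs.append(f"Office attachment {fname}")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and URGENCY.search(body.get_content()):
        signs.append("urgent call to action")
    return signs

def build_sample(suspicious=True):
    """Constructed sample message; suspicious=True imitates the bank with a lookalike domain."""
    m = EmailMessage()
    m["From"] = f"Example Bank Security <alerts@{'examp1ebank.com' if suspicious else 'examplebank.com'}>"
    m["To"] = "user@corp.example"
    m["Subject"] = "Action required" if suspicious else "Monthly statement"
    if suspicious:
        m.set_content("Your account will be suspended within 24 hours. Open the attached form immediately.")
        m.add_attachment(b"not a real file", maintype="application", subtype="vnd.ms-excel", filename="Invoice.xlsm")
    else:
        m.set_content("Your statement is available in online banking.")
    return m.as_string()
```

Running `phish_signs(build_sample())` reports three signs (lookalike domain, Office attachment, urgency), while the benign variant reports none.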

3. Be wary of suspicious phone calls, and text messages 

Passwords. Usernames. Identification numbers. All these types of data should not be discussed, mentioned or revealed in a phone call. If you’re asked these questions it’s a serious red flag as to whether the person calling is the organisation or person they say they are. It also points to malicious intent. Keep your information to yourself.

If these texts or calls involve threats to your bank accounts or personal accounts, or hint that services you depend on will be cut off, it’s probably a scam and often someone phishing. If a request is unusual and you’ve never been asked for it before, be cautious. Calls about links that have been sent to you online are especially suspect.

If the sender is evasive when it comes to your queries, do not trust them. If you find that you’re unable to call the sender back, or there’s no way to contact the official company, avoid going any further.

4. Use two-factor authentication when possible

While not infallible, 2FA (two-factor authentication) can help protect sensitive information and accounts. It requires users logging on to a website to confirm their identity through a second source, not just their password. Setting it up can be easy, and a lot of apps make the process simple. For example, some recent MacBooks have 2FA built in.

A 2019 Microsoft report showed that 99.9% of automated cyber attacks were blocked when 2FA was in use. Encourage your business to configure it for increased security online.

A nifty checklist to improve your cybersecurity when it comes to phishing:

Almost a third of cyberattacks belong to the broader “phishing” category. That’s why it’s important that you know how to deal with them and prevent problems rather than picking up the pieces after a successful infiltration. 

Conclusion 

Phishing attacks are a serious issue for companies and individuals. In order to be prepared, you should work with cybersecurity experts who can help protect your data from malicious hackers. Contact us today if you want to learn more about our services or how we can provide the best possible protection against phishing scams.