Phishing scams are one of the simplest ways for a cybercriminal to attack a business, though it is one which can provide the criminal with everything they need to infiltrate every aspect of their target.
A phishing scam normally takes the form of an email though it has now started to spread into social media, apps and messaging services.
The scam tries to trick the target into doing what the hacker wants.
That might be handing over passwords to make it easier to hack a company, or altering bank details so that payments go to fraudsters instead of the correct account.
Phishing scams vary in their mechanics. Some promote links to a fake website with the aim of persuading victims to enter personal information whilst others involve tricking users into downloading and installing malware. The latter can result in ransomware which ultimately leads to immediate profit for the hacker.
However, not all phishing scams are as simple as this. More complex scams can take place over months or even years where selected individuals are targeted for specific data. In these cases, the hacker uses fake social media profiles and emails and builds up a rapport with the victim.
All data – from email addresses and passwords to financial data or even a person’s address – is valuable to a hacker. They all provide information essential to commit fraud.
Everyday 3.2 billion people send around 269 billion emails.
Researchers at Symantec suggest that almost one in 2,000 of these are a phishing scam.
Often people rush through their inbox without analysing every message that lands there. Scammers look to catch a victim’s eye with catchy subject lines to lure them in.
What can you do to protect yourself?
Don’t click links on emails.
Emails can become hijacked and accounts can be replicated to fool a potential victim.
Bookmark your favourite sites
You’ll be able to go directly to the sites that you trust and reduce the risk of being spoofed via a link or typo. If you receive an email from a company telling you to contact them, don’t click on a link but go via their website to find authentic contact details.
Invest in Cyber Essentials
Cyber Essentials will protect your business from up to 80% of cyber threats and allows you to focus on core business objectives knowing that your business is protected.
You can also increase your chances of securing business by demonstrating your commitment to protecting your own data as well as of customers and suppliers.