Social engineering attacks are among the most common and continually increasing forms of cybercrime. They come in many forms and can be executed in various ways, including online, in person, and by phone. One of the most prevalent and dangerous of these attacks to an enterprise is phishing. This type of data theft resulted in over $675 million in losses to U.S. businesses last year, according to the FBI, and that number is projected to continue to grow. It is more important than ever to protect your assets from this seemingly innocuous crime.
What is phishing?
Phishing is a social engineering attack that is deployed to steal user data such as passwords, credentials, and personally identifiable information. It most commonly occurs via email: the malicious actor sends an email that appears to come from a reputable company or known user, with a topic that is interesting or familiar to the end user. The goal is to make the end user feel comfortable enough to click on a document or link that then presents a form or landing page where the user enters their password credentials, bank information, credit card number, and other valuable information.
How can you keep yourself from falling victim to a phishing scam?
The key to prevention is attention! There are certain aspects of the email you want to watch for to keep from falling victim.
Is there an urgent tone or immediacy in action dictated in the email?
Does it try to scare you into answering immediately?
Does it contain grammar and/or punctuation errors?
Are there any hyperlinks within the email?
For example, see the www.domain5.com link here? When you hover over it with your mouse, does the link that pops up match the link in the email? If it does, chances are you’re safe. But, if it doesn’t, DO NOT CLICK and report it as phishing immediately.
Is a document attached? Many phishing emails include attachments with embedded viruses and malware. Before opening an attachment, be sure it’s from a verified sender.
Any of the items listed above should raise a red flag. If you see more than one of these attributes present in the email, there is a high likelihood that it is a phishing attempt.
It is essential to pay attention to detail and remain vigilant in the fight against cybercriminals. Phishing remains one of the simplest methods employed by criminals attempting to steal your employer’s data and/or your personal sensitive information. Falling victim could have serious repercussions. However, the phishing email victim is not responsible for the full burden. Companies must become more vigilant and provide employee training that addresses ways to successfully combat the phishing tactics of cybercriminals.