Phishing, not to be confused with actual fishing, is a common form of internet scam designed to gather information from its recipients. Cybercriminals use social engineering, often in the form of fake emails or pop-ups, to bait and lure people into giving up sensitive information such as passwords and credit card information.
While many of these phishing campaigns come in the form of low-effort emails telling you that an account you don’t even have has been compromised, a growing number come in forms that are almost indistinguishable from companies’ legitimate communications. Phishing is on the rise. The FBI estimated that in 2019 US citizens lost a whopping $57 million to phishing attacks, so it’s easy to see the importance of being able to identify these attacks.
While they can come in many forms, some of the most common forms are:
Often these attacks come littered with grammatical errors, generic greetings, and questionable links, but as mentioned earlier, a phishing attack isn’t always apparent.
While it is important to know a few quick ways to identify phishing attacks, the most crucial aspect of prevention will always be training. Training presented by your IT provider is a great way to make users in your business aware of the dangers and common patterns in phishing campaigns. Often these training platforms come with useful tools to help end users identify and report phishing attacks before they become a real problem.
Not sure if that email from the CEO is legitimate or not? Well, press that shiny new button installed in your Outlook application to report it for review. Security awareness platforms like Ironscales (which happens to be the one we use) also give IT staff the ability to launch their own fake phishing campaigns. These are designed to present end users with real-world examples, without the risk, of course, and can act as a method to direct them to training if needed.