What is a Phishing Attack
According to the 2019 Cyber Security government survey by the Department for Digital, Culture, Media, and Sport, the most common cyber-attack that businesses face is fraudulent communication that appears to come from a reputable source, usually by email. This is known as phishing.
So What is Phishing?
An example of a phishing email, disguised as an official email from a (fictional) bank. The sender is attempting to trick the recipient into revealing confidential information by “confirming” it at the phisher’s website. Note the misspelling of the words received and discrepancy as recieved and discrepency, respectively. It is also worth noting that, although the URL of the bank’s webpage appears to be legitimate, the hyperlink would actually be pointed at the phisher’s webpage.
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.
Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators. Source: Wikipedia
You are in the equation
Phishing attempts succeed only with user interaction. An unopened phishing email is harmless; it becomes destructive only if the user acts on it, for example by replying with information or clicking on malicious links. Here is a great example provided by HMRC that highlights HMRC-related phishing scams delivered by email.
* Check the sender’s address carefully to see if the domain is correct. It may look familiar, but subtle spelling errors can be easy to miss.
* Look out for odd use of language, unusual phrases, poor sentence structure, spelling errors or poor grammar.
* Take a moment to check the email source before clicking any links or attachments. If in doubt, call the sender to ask what they have sent you.
* Avoid clicking any links or supplying information.
* Never reveal usernames or passwords or make payments to any bank details sent to you via email.
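The bank email described earlier shows a legitimate-looking URL as the link text while the hyperlink itself points at the phisher's site. The following Python code is an added example, not part of the original article, that flags this mismatch in an HTML email body; the function names, hostnames and sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A hostname written in the visible link text, with or without a scheme.
URL_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def host_of(url):
    """Lower-cased hostname of a URL, or '' for relative and mailto links."""
    return (urlsplit(url.strip()).hostname or "").lower()

def same_site(a, b):
    """Equal hosts, or one is a subdomain of the other (plain suffix check,
    not public-suffix aware)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkAuditor(HTMLParser):
    """Collects (link text, host shown, real host) for mismatched links."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text = "".join(self._text).strip()
        shown, target = URL_IN_TEXT.search(text), host_of(self._href)
        if shown and target and not same_site(shown.group(1).lower(), target):
            self.findings.append((text, shown.group(1).lower(), target))
        self._href = None

def audit_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample body; .example and .invalid are reserved test domains.
SAMPLE_HTML = """<p>Confirm your details at
<a href="http://phish.invalid/confirm">https://www.trustedbank.example/login</a></p>
<p><a href="https://www.trustedbank.example/help">trustedbank.example/help</a></p>
<p><a href="https://phish.invalid/x">Click here</a></p>"""

for text, shown, real in audit_links(SAMPLE_HTML):
    print(f"link text shows {shown} but goes to {real}")
```

Links with generic text such as "Click here" display no hostname to compare, so this check does not flag them; the advice above to verify the source before clicking still applies.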
How phishing can affect your business
Company Reputation
Reputations are precious and can take a long time to build. Announcing a data breach immediately hits a company’s reputation, and the damage can take years to fade from memory.
Loss of Custom
News of data breaches travels fast and tends to make customers nervous, leading to a lack of trust.
Regulatory Fines
Under GDPR, the penalties can total €20 million or 4% of a company’s annual global turnover – whichever is higher.
Business Disruption
Phishing attacks can profoundly disrupt a business’s day-to-day operations, leading to large financial losses over a period of time.
ilicomm has over 25 years of delivering cost-effective information security and regulatory compliance solutions. Contact us to discover how we can ensure your business’s security is at its most efficient and cost-effective. Remember, the best way to help prevent phishing attacks is to train your employees and make them aware of the pitfalls and common tactics of phishing attacks.