Learn How to Recognize and Prevent Phishing Scams
Ninety-one percent of data breaches start with a phishing attack. Don’t let one person or email put your company at risk. With many companies considering flexible work environments even post-Covid, it is important to put education and best practices in place. Here are some basics to help you get started.
What is a Phishing Scam and Attack?
Phishing is a form of attack that often uses email to get access to your company’s data. The emails are designed to get the victim to feel compelled to take action so that they will hand over sensitive information or download malware to give the attacker access to all sorts of data, records, and more.
The email can be disguised to look like it comes from someone the victim trusts, and it may link to fake websites while disguising the URLs.
How Can I Recognize and Avoid Phishing Attacks?
There are a few precautions you can take to avoid such attacks. When you get an email, ask yourself these three questions:
- Should I be getting this on my work email?
- Am I expecting a message like this?
- Why is this coming from an unusual address?
If the answers to the first two are no, don’t open it! If you’re questioning the address, it is a good indicator that it’s potentially an attacker attempting to disguise themselves as someone else. You should also check links before clicking on them, and use a URL expander to check shortened URLs as attackers may hide their malicious site behind them.
The most cost-effective way to protect against cyber attacks is to continually train and test your employees.
Most Common Examples of Phishing
Email address spoofing and attachment
Although the subject line pushes you to open an attachment, the sender’s address clearly shows that this is not from Amazon: it contains typos (amzn), and a message like this most likely wouldn’t come from webserver.com.
The URL is incorrect, despite looking real. “Amazon” is misspelled.
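The sender-address and misspelled-URL checks described above can also be automated in a mail filter. The following is an added example, not part of the original article; the trusted-domain list, the similarity threshold, and the sample header and link are constructed assumptions.

```python
import difflib
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions for this example: brand -> domains it legitimately uses,
# and a similarity cut-off that would need tuning on real mail.
TRUSTED = {"amazon": {"amazon.com"}}
THRESHOLD = 0.75

def is_trusted(host, domains):
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def host_findings(host):
    """Reasons a hostname imitates a known brand (empty list = none)."""
    host = host.lower().rstrip(".")
    findings = []
    for brand, domains in TRUSTED.items():
        if is_trusted(host, domains):
            continue
        for label in host.split("."):
            # Catches exact brand names and near-miss spellings in any label.
            score = difflib.SequenceMatcher(None, label, brand).ratio()
            if score >= THRESHOLD:
                findings.append(f"'{label}' imitates '{brand}' on untrusted host {host}")
    return findings

def sender_findings(from_header):
    """Check a From: header for lookalike hosts and display-name mismatch."""
    name, addr = parseaddr(from_header)
    host = addr.rpartition("@")[2].lower()
    findings = host_findings(host)
    for brand, domains in TRUSTED.items():
        if brand in name.lower() and not is_trusted(host, domains):
            findings.append(f"display name claims '{brand}' but mail is from {host}")
    return findings

def link_findings(url):
    """Check the hostname of a link found in the message body."""
    return host_findings(urlsplit(url).hostname or "")

# Constructed samples modelled on the indicators named in the text.
SAMPLE_FROM = '"Amazon Support" <order-update@amzn.webserver.com>'
SAMPLE_LINK = "https://www.amazom.com/signin"

if __name__ == "__main__":
    for finding in sender_findings(SAMPLE_FROM) + link_findings(SAMPLE_LINK):
        print("SUSPICIOUS:", finding)
```

A string-similarity threshold will also flag some unrelated words that happen to resemble a brand, so findings like these are better used to warn the reader or quarantine for review than to silently drop mail.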
Fraud can occur in two ways: email and phone.
With email fraud, the attacker attempts to get the victim to reply to an email and provide sensitive information, such as a credit card number or bank information. The email might look legitimate, but the response goes to people you don’t want to have your information.
Given the word “phone”, you might assume that phone fraud happens via an attacker calling you. While that is often the case, phone fraud can also start as an email with a request for the recipient to call the attacker. Thanks to a fake phone number, once the call is placed, the caller and their information are vulnerable.
Why You Should Care About Phishing
Phishing attacks can happen to anyone, and it only takes one person from your company to expose your information and put your company at risk. Don’t underestimate the magnitude. Did you know that:
- 92.4% of malware is delivered via email.
- 80% of phishing sites examined in Q3 of 2020 used SSL (vs HTTPS).
- Out of the 30% of phishing messages opened by the targeted user, 12% of those users click on the phishing link or attachment.
- Software as a Service (SaaS) and webmail users account for around one-third of attacks.
- 96% of targeted attacks are carried out for the purpose of intelligence gathering.
- There were 28,500 COVID-19 related cyberattacks in 2020.
- The average cost of a phishing attack for mid-size companies is $1.6 million.
- Victims’ losses due to cybercrime in 2020 totaled $4.2 billion.
- More than 5,200 SharePoint phishing emails were reported in a 12-month period, as well as close to 2,000 attacks involving OneDrive.
How Alpine Cyber Can Help You Protect Your Employees and Company From a Scam
We act as your outsourced security team filled with industry experts ready to protect your company by providing: testing and simulations, professional training modules, monitoring and reporting, and informational updates. While technology can’t safeguard everything, we take the approach of educating and training your team so you can stay focused on your customers.
Need to train your employees? Learn more about our Security Awareness Training and Phishing Testing solutions.