Phishing attacks are on the rise and are costing businesses more and more. PhishLabs reported that in 2021, phishing attacks increased 28% over the previous year. Many cyber attacks today start with a phishing email.

This means that malicious emails should be a priority for companies. However, many businesses still don't fully understand the scale and scope of the phishing problem, the potential risks, or even what phishing really is.


What counts as phishing?

Any attempt to obtain information or money through a fraudulent email is considered phishing. Phishing emails masquerade as real emails from a trusted source: a person or, more often, a company such as Amazon, Google, or PayPal. These emails create a sense of urgency so that users follow a link to a page where they enter their password, either to avoid an adverse event, such as the closure of their email account or a fraudulent charge, or to recheck their account balance.

Once they log in, their information may be stolen or their computer may be infected with malware or ransomware. In some cases, cybercriminals use the data to hack accounts, pocket money, or make fraudulent purchases.

Phishing scams typically involve link manipulation – the use of misspelled URLs that look like legitimate URLs. Phishers often use embedded images in emails instead of text to help bypass filters. More sophisticated approaches may involve a covert redirect that uses a login popup on a legitimate website.
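The tricks described above can be checked for mechanically before a message reaches a user. The following is an added example, not code from the article or from Barracuda: it parses a constructed HTML email body and flags (1) anchors whose visible text shows one domain while the `href` points at another, (2) link domains that are a near-miss of an assumed allow-list of trusted brand domains (`TRUSTED_DOMAINS`, constructed here), and (3) bodies that are nearly all images with almost no text. The "registrable domain" helper assumes two-label domains such as `paypal.com`; a production filter would use the public suffix list.

```python
"""Detect common link-manipulation tricks in an email body (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allow-list of brands the organisation expects mail from.
TRUSTED_DOMAINS = {"amazon.com", "google.com", "paypal.com"}


def registrable_domain(host: str) -> str:
    """Crude 'example.com' extraction: the last two labels of the hostname.
    Sufficient for the .com-style domains in this example; real deployments
    should consult the public suffix list."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot misspelled lookalikes such as 'paypa1.com'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs and count images and visible text."""

    def __init__(self):
        super().__init__()
        self.links = []        # list of [href, visible text]
        self.images = 0
        self.text_chars = 0
        self._open_href = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open_href = attrs["href"]
            self.links.append([self._open_href, ""])
        elif tag == "img":
            self.images += 1

    def handle_endtag(self, tag):
        if tag == "a":
            self._open_href = None

    def handle_data(self, data):
        self.text_chars += len(data.strip())
        if self._open_href is not None and self.links:
            self.links[-1][1] += data


def analyse_email_html(html: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    p = _LinkCollector()
    p.feed(html)
    findings = []
    for href, text in p.links:
        href_host = urlparse(href).hostname or ""
        href_dom = registrable_domain(href_host)
        # 1. Visible text names a domain that differs from the real target.
        text_host = urlparse(text.strip()).hostname if "://" in text else None
        if text_host and registrable_domain(text_host) != href_dom:
            findings.append(f"display/target mismatch: shows {text_host}, goes to {href_host}")
        # 2. Target domain is a near-miss of a trusted brand (misspelled lookalike).
        for trusted in sorted(TRUSTED_DOMAINS):
            if href_dom != trusted and levenshtein(href_dom, trusted) <= 2:
                findings.append(f"lookalike domain: {href_dom} resembles {trusted}")
    # 3. Image-heavy body with almost no text: a common filter-evasion pattern.
    if p.images and p.text_chars < 40:
        findings.append(f"image-only body: {p.images} image(s), {p.text_chars} text chars")
    return findings


# Constructed sample: a fake account alert with a lookalike link and an image-heavy body.
SAMPLE_EMAIL = """
<p>Urgent</p>
<img src="https://cdn.example.invalid/alert.png">
<a href="https://secure.paypa1.com/login">https://www.paypal.com/login</a>
"""

if __name__ == "__main__":
    for finding in analyse_email_html(SAMPLE_EMAIL):
        print("FLAG:", finding)
```

Running the module on the constructed sample produces three findings: a display/target mismatch, a lookalike of `paypal.com`, and an image-only body. An ordinary message with a plain-text paragraph and a link to a trusted domain produces none. The distance threshold of 2 is a tuning choice; shorter brand names need a tighter threshold to avoid false positives.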

There are some common approaches:

  • Spear phishing is a targeted attack against a specific person or company. These attacks typically involve gathering information about the target(s) in advance to better design phishing emails to manipulate potential victims.
  • Clone phishing uses a previously sent legitimate email with an attachment or link whose content and address are cloned. The link/attachment is replaced with a malicious site or dangerous attachment.
  • Whaling attacks are directed against top executives or other high-profile targets. These scams typically take the form of important business or legal emails and have even included fake subpoenas.
  • SMS phishing, or smishing, uses mobile phone text messages to steal recipients' personal information.


Low-tech security strategies

While email filters and other security technologies can help keep phishing emails out of your customers' inboxes, the criminals behind these scams constantly update their techniques to avoid detection. Phishing relies heavily on psychological manipulation, and end users are the weakest link.

Even basic, low-tech strategies can help protect your business and customers from the costs and consequences of a phishing attack. These include:

Training

Provide awareness training to end users to help staff recognize the telltale signs of phishing: misspelled website names, oddly named attachments, and so on.

Make sure they're also aware of best practices, such as never logging in to a website they landed on via an email link.

Designated email addresses

If your business regularly receives legitimate emails for financial transactions, you can set up specific email addresses just for these requests. Limit the exposure of these addresses on public sites, which can help reduce your phishing footprint.

Code Names/Code Words

Code names aren't just for spies. For example, employees or customers can set specific email formats or keywords for correspondence so the recipient knows the email is legitimate.

Apply email policies

Set policies to minimize the number of sensitive transactions that occur through email. If employees know that financial authorizations should only be done in person or over the phone, they are unlikely to fall for a phishing attempt to trick them into doing it by email.

Phishing is a growing and ever-changing threat, so it's essential to stay up to date with the latest threats and the steps your organization can take to mitigate these attacks.

Jason Howells, VP of International MSP Sales at Barracuda MSP
