Here Phishy, Phishy!
When it comes to phishing attacks, one in three users is likely to fall for a social engineering scam.
The good news: the number of employees likely to fall for phishing emails drops dramatically with proper instruction on how to recognize an attack.
Step 1: Define a Phishing Attack
In a recent study*, only 63% of respondents were able to define a phishing attack. Can you?
Before you can recognize a phishing attack, you must be able to define one. That lays the foundation for your defense against this type of cyber attack.
Phishing, as defined in our 17 Types of Cyber Attacks, is a type of social engineering usually employed to steal user data such as credit card numbers and login credentials. It happens when an attacker, posing as a trusted individual, tricks the victim into opening a text message, email, or instant message.
Extra Credit – This goes for all types of cyberattacks, not just phishing. So make sure to brush up on all 17 Types of Cyber Attacks.
Step 2: Know Who is at Risk
Here is a breakdown of the “phish-prone percentage” (PPP) for the top three industries by organization size. The PPP indicates how many employees are vulnerable to attacks.
If you and your business are not in one of these industries, that doesn’t mean you are not a target. Everyone is at risk of a phishing attack. The only difference is how the phishers will target you and your business.
Step 3: Recognize a Phishing Attack
Before you reply to any email (yes – ANY email), use these key Email Red Flags questions to verify the legitimacy of the email:
- Do I recognize the sender?
- Does the sender’s email address match the name?
- Are there spelling mistakes in the email address, and throughout the email?
- Would I expect this type of request from this individual?
- Do we use the product/software indicated?
- Was the email sent at an unusual time of day?
- Is there a sense of urgency in the desired action?
- Is the email an image instead of text?
- Do the links match the destinations?
- Does it make sense to call back with the information (and to confirm), instead of emailing?
If any of the answers are questionable, don’t move forward with the email.
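The checklist above is written for a human reader, but several of its questions (does the sender's address match the name, was it sent at an unusual time, is there a sense of urgency, do the links match their destinations) can also be scored automatically before a message ever reaches the inbox. The following is an added example, not code from the original post; the urgency word list, the 07:00–19:00 UTC working hours and the sample message are constructed assumptions.

```python
import re
from datetime import timezone
from email import message_from_string, policy
from urllib.parse import urlparse

# Phrases that signal the "sense of urgency" red flag (assumed list, extend as needed).
URGENCY = ("urgent", "immediately", "within 24 hours", "suspended", "verify now")

def red_flags(raw, work_hours=(7, 19)):
    """Return the checklist red flags raised by a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    sender = msg["From"].addresses[0]
    # Does the sender's address match the name? A display name that shows one
    # address while the real address sits in another domain is the classic tell.
    shown = re.search(r"@([\w.-]+)", sender.display_name)
    if shown and shown.group(1).lower() != sender.domain.lower():
        flags.append("sender address does not match display name")
    # Was it sent at an unusual time of day? (Compared in UTC for this example.)
    hour = msg["Date"].datetime.astimezone(timezone.utc).hour
    if not work_hours[0] <= hour < work_hours[1]:
        flags.append("sent at an unusual time")
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    if any(word in body.lower() for word in URGENCY):
        flags.append("sense of urgency")
    # Do the links match the destinations? Compare the host in the visible text
    # with the host in the href (a simple regex is enough for this sample HTML).
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.S):
        text = text.strip()
        if " " in text or "." not in text:
            continue  # plain "click here" text gives nothing to compare against
        shown_host = urlparse(text if "://" in text else "//" + text).hostname
        real_host = urlparse(href).hostname
        if shown_host and real_host and shown_host.lower() != real_host.lower():
            flags.append(f"link text {shown_host} points to {real_host}")
    return flags

# Constructed sample: lookalike sender domain, 02:13 UTC timestamp, urgent
# wording, and a link whose visible text names a different host than its href.
SAMPLE = """\
From: "IT Helpdesk (helpdesk@acme.example)" <alerts@acme-example.net>
To: jane@acme.example
Date: Tue, 05 Mar 2024 02:13:00 +0000
Subject: Action required
Content-Type: text/html; charset=utf-8

<p>Your mailbox will be suspended. Verify now:
<a href="https://acme-example.net/login">https://portal.acme.example/login</a></p>
"""
```

Running `red_flags(SAMPLE)` raises all four flags; a mail filter would typically quarantine or tag the message rather than rely on the recipient spotting them.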
CONGRATS – you have successfully prevented a phishing attack! You didn’t fall for the bait.
Always remember to keep your team, manager, and IT partner involved. That way any similar phishing emails will be thwarted by your team, time and time again.
More good news! There are cybersecurity tools designed to help regulate and eliminate threats coming to your email. These tools are a supplemental safeguard alongside training, giving your business confidence.
Step 4: Think Beyond Email
Social engineering attacks come in many forms, not just email. Attackers use social media, text messages, and even voicemail to trick users. This is what makes phishing a moving target.
You cannot pick and choose when to be diligent about cybersecurity. It needs to be a part of your daily thinking and processing.