What is Phishing?
Most hackers don’t try to steal your data … they try to trick you into giving it up willingly. How does this affect businesses?
Here’s a better question—what do cybercriminals really do? The answer may shock you.
Aren’t hackers devious IT wizards, scouring code to find chinks in firewalls, crack encryption, and penetrate formidable security measures?
Not entirely. Proper cybersecurity is actually very strong and getting stronger every year. Most hackers don’t even try.
Instead, data thieves try to hack you.
Their target is not vulnerabilities in data security, but vulnerabilities in human psychology. 90% of all successful data breaches start with the embarrassingly low-tech tactic we call “Phishing.”
Phishing is the most popular form of “social engineering,” cybercriminal vernacular for a confidence scam.
Acquiring its signature spelling from early hackers who called themselves “phreaks,” phishing is what it sounds like — casting a scam far and wide and seeing who falls for it, who “bites.”
What Does Phishing Look Like?
In its simplest form, phishing involves a mass email that attempts to dupe the recipient into clicking a link to a malware download or replying with personal data like their social security number, password, or credit card info.
Contact 360 Smart Networks for examples of real phishing emails.
Versions have also evolved to target SMS (text message) inboxes (“smishing”) and phone calls or voice mail (“vishing”).
More targeted scams, where the phisher includes personal details to make the ruse more believable, are called “spear phishing.”
In most cases, the phisher builds trust by posing as a trustworthy source. For example:
- CEO Fraud. The email purports to come from the CEO or president of a major firm, often spoofing the firm’s domain for the email address.
- Brand Fraud. The email seems to come from a trustworthy source, like a bank, IT administrator, or a popular site like Facebook or eBay.
- Link Manipulation. The email contains a link that does not lead where it says it leads.
- Website Forgery. The phisher may build a “lookalike” website for a popular brand like Amazon.com. Alternatively, the criminal may inject corrupted content into a legitimate website.
How Damaging is Phishing?
Some of the most cataclysmic data breaches of the last decade started with humble phishing, including:
- Equifax, 2017. A disastrous breach of the credit bureau’s security exposed 143 million Americans’ sensitive records.
- Amazon, 2017. A “Prime Day” phishing email tempted users with fake deals to collect their payment info.
- Google and Facebook, 2017. Over $100 million was wired overseas before the FBI caught the hacker.
- Home Depot, 2014. Over 100 million credit cards were exposed.
- Apple iCloud, 2014. Over 500 private photographs stolen from celebrities’ iCloud accounts, many containing nudity, were made public.
- Target, 2013. Over 110 million credit cards were exposed. The CEO and security team lost their jobs in the furor.
In 2017, 76% of companies were targeted with phishing attacks, with 67% of the attacks aimed at low-level employees. Microsoft reported a 250% increase in phishing in the subsequent year.
60% of all companies that suffer a major data breach close their doors permanently within six months.
How do I Spot Phishing Attacks?
Be on the lookout for the following telltale signs of a phishing message:
- Designed to make you panic. Threats of a breach, account closure, collection, arrest, etc. try to provoke rash action.
- Asks you to “confirm” sensitive information. Legitimate companies do not request personal information by email.
- Poorly written. Many hackers skip quality control on their spelling and grammar.
- Untrustworthy email address. Some phishers don’t bother with domain spoofing, trusting that out of millions of recipients someone will get careless.
- Suspicious attachment. Never download an attachment that appeared out of the blue. When in doubt, throw it out.
- Suspicious link. Hover the mouse arrow over the link before clicking it. Your browser should show you where the link really goes.
Reach out to 360 Smart Networks for more tips to guard against Phishing.