Phishing attempts are on the rise, and most people and businesses have encountered at least one, whether they realize it or not. Phishing is not to be confused with fishing, the relaxing pastime of catching fish (how relaxing it is depends on where you are and what you are trying to catch). So what is phishing with a "ph"? Why does it matter? And what does it look like?
What is Phishing?
Phishing is a technique scammers use to deceive a target into disclosing credit card numbers, bank account details, debit card PINs, Social Security numbers, passwords, or other sensitive information, usually through fraudulent emails, phone calls, or pop-up messages. In simpler terms: a scammer puts out bait, in the form of an email or phone call, to lure people into handing over their personal information.
Why is it important to be aware of Phishing?
Phishing is a modern form of social engineering, and it is usually the first step in a larger attack: a phished password or a malicious attachment is how ransomware and other intrusions commonly get their foot in the door. Studies have found that around 90% of cyber incidents and breaches had a phishing element to them. Anyone in an organization can be a target, but departments such as accounting and marketing are among the most impacted, because their staff routinely handle invoices, payments, and correspondence from outsiders and are not expecting an attack.
How does a Scammer “Go Phishing”?
The Scammer casts a line:
Typically, the target receives a message in which the scammer pretends to be a reliable and safe source: a business the target already deals with, a bank, a government agency, or any other sender the scammer thinks could elicit personal information. The display name on the message usually looks genuine, while the actual sender address or domain is a lookalike. These messages most often arrive as an email or a pop-up.
Then the Target is “Hooked”:
The goal of the message is to get information. A common way to do this is to ask for something that seems harmless and routine, such as validating credentials or updating a password. To create a sense of urgency, the request is often paired with a consequence for not complying, such as account suspension within a short deadline.
The Scammer “Reels” in the Target:
Once the target is hooked, they are reeled in. This normally means following a link to a separate website that imitates the legitimate company's site. Since everything appears safe, the target enters their credentials or other information as instructed, and the scammer captures it.
So, how do you Prepare for or Mitigate a Phishing attempt?
The first step in preparing for anything is to understand that it could happen to you or your team. Awareness makes you more vigilant and savvier at spotting these attempts. Since you have (hopefully) read this far, you now have some awareness of phishing.
The next step is educating yourself and your team. Train your team not to engage with emails that do not seem legitimate: no clicking links, opening attachments, or replying. If they are unsure whether a message is genuine, they should contact their supervisor for further instructions or call the customer service line of the company that claims to be asking for information. Do not use the phone number or links in the message; instead, look the number up on the company's official website. If the number in the message does not match the one on the company's website, that is a red flag that you are not dealing with the company.
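To make the cast, hook, and reel-in steps above concrete, and to show what the "does this really come from the company?" check in the previous paragraph looks like when automated, here is an added example (not from the original article, and not BrightCyber's tooling). It scans a raw email for the red flags described on this page: a Reply-To that differs from the sender, a display name that names a known brand while the sending domain does not match, urgency or threat language, and link text that shows one site while the href points to another. Both messages, the brand list, and every domain in it are constructed for illustration and are hypothetical; the registrable-domain helper is a deliberate simplification (it does not use the public suffix list).

```python
import email
import email.utils
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a hypothetical phish impersonating "Example Bank".
# Every name, address and domain here is made up for illustration.
PHISH_EML = """\
From: "Example Bank Security" <alerts@examp1e-bank-login.com>
Reply-To: verify@mail-secure-check.net
To: jane.doe@company.example
Subject: URGENT: your account will be suspended in 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We detected unusual activity. Verify your credentials within 24 hours or your account will be suspended.</p>
<p><a href="http://examp1e-bank-login.com/verify?id=123">https://www.example-bank.com/login</a></p>
</body></html>
"""

# Constructed benign message from the same hypothetical brand, for contrast.
LEGIT_EML = """\
From: "Example Bank" <statements@example-bank.com>
To: jane.doe@company.example
Subject: Your March statement is available
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your statement is ready. Sign in at <a href="https://www.example-bank.com/statements">https://www.example-bank.com/statements</a>.</p>
</body></html>
"""

# Brands we expect mail from, and the domain each legitimately sends from (hypothetical).
KNOWN_BRANDS = {"example bank": "example-bank.com"}

# Pressure phrases the "hook" step leans on.
URGENCY_TERMS = ("urgent", "immediately", "within 24 hours", "suspended", "verify your")


class LinkCollector(HTMLParser):
    """Collect (anchor text, href) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable_domain(host):
    """Crude registrable domain: last two labels. Simplification, no public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def domain_of_address(addr):
    return registrable_domain(addr.rsplit("@", 1)[1]) if "@" in addr else ""


def scan(raw, known_brands=KNOWN_BRANDS):
    """Return a list of red-flag descriptions for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    # Cast: does the sender look like who it claims to be?
    from_name, from_addr = email.utils.parseaddr(str(msg.get("From", "")))
    from_domain = domain_of_address(from_addr)
    _, reply_addr = email.utils.parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and domain_of_address(reply_addr) != from_domain:
        flags.append(f"Reply-To domain {domain_of_address(reply_addr)} differs from From domain {from_domain}")
    for brand, brand_domain in known_brands.items():
        if brand in from_name.lower() and from_domain != brand_domain:
            flags.append(f"display name claims '{brand}' but sender domain is {from_domain}")
    # Hook: urgency or a threatened consequence in subject or body.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    haystack = (str(msg.get("Subject", "")) + " " + text).lower()
    hits = [term for term in URGENCY_TERMS if term in haystack]
    if hits:
        flags.append("urgency/threat language: " + ", ".join(hits))
    # Reel in: link text that shows one site while the href goes somewhere else.
    collector = LinkCollector()
    collector.feed(text)
    for anchor, href in collector.links:
        href_host = urlparse(href).hostname or ""
        shown_host = urlparse(anchor).hostname if anchor.startswith(("http://", "https://")) else None
        if shown_host and registrable_domain(shown_host) != registrable_domain(href_host):
            flags.append(f"link text shows {shown_host} but points to {href_host}")
    return flags
```

Running `scan(PHISH_EML)` reports all four red flags for the constructed phish, while `scan(LEGIT_EML)` returns an empty list. Heuristics like these are a training aid and a first-pass filter, not a replacement for the human check the article recommends: a careful scammer can avoid urgency words and register a convincing domain, which is exactly why the fallback is to verify through a phone number or site you looked up yourself.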
Phishing and other Social Engineering threats are on the rise and show no sign of stopping. Being prepared and aware is the best way to lower the risk that an attack will impact you or your business. If you or your business has fallen victim to a Phishing attempt, contact BrightCyber at gobrightcyber.com or email email@example.com. We will be able to help mitigate the effects of the attack.
Merkow, Mark S., and Jim Breithaupt. Information Security: Principles and Practices. Pearson, 2014.
Symantec. Internet Security Threat Report, vol. 24, 2019, pp. 1–61.
Verizon. Data Breach Investigations Report, 10th ed., 2017, pp. 1–76.