With advancements in technology, hackers are becoming more convincing and sophisticated in their approach to targeting you with phishing attacks.
Before we start explaining the risks of phishing attacks, let’s first look at what phishing attacks are and how they impact you and your business.
Phishing attacks are fraudulent attempts to obtain sensitive information from you or your organisation. Typically, they are carried out by a cybercriminal sending a phishing email that appears to be legitimate and convincing; however, its aim is to get you to click a link or download and open an attachment.
Types of phishing attacks
There are four types of phishing attacks, ranging from minimal-effort attempts to highly sophisticated attacks that require a high level of research from the cybercriminal.
- Credential harvesting – usually an email impersonating a brand or organisation that lures victims into exposing their usernames, passwords and payment information.
- Extortion – targets the victim by requesting money in exchange for keeping secrets.
- Malware – often hidden in an innocuous link that triggers a file to download.
- Spear phishing – targets high-level employees, influencing them to complete a manual task.
Why are businesses at risk?
Thousands of businesses fall victim to a phishing attack every day, and that number is continuing to rise. Cybercriminals target businesses in particular to gain entry into your network.
A low-level attempt (credential harvesting or a malware attack) could be an email, sent in bulk to you and many other people, convincing you to either click a link or download and open an attachment. By doing so, you could be installing malware designed to harvest credentials such as usernames and passwords for access to other systems in the organisation.
A high-level attempt (spear phishing) is where the cybercriminal has a specific person or organisation in mind and has carried out some level of research to make the email seem genuine and convincing. For example, a personalised email is sent to the finance team, made to appear to come from a director within the business who would have the authority to instruct payments.
Tips for identifying a phishing email
Generally speaking, most phishing emails have typical characteristics that a trained eye could easily spot, and even if you’re not trained, we’ll help you with these useful tips.
- Typos/incorrect use of English – is the email difficult to read and understand like it was written by someone who doesn’t know much English?
- Missing personalisation – rather than referring to you by name, it may address you as “Dear Sir/Madam”, “Dear Customer” or “Dear Client”, indicating the sender has limited information about you. NB: spear-phishing emails will be personalised.
- Requesting personal information – this could be tricking you into logging into an account whereby they capture your details.
- Sense of urgency – the email manipulates you into taking immediate action, such as “review these latest transactions on your account to avoid account suspension” or “pay now to avoid disruption to services”.
- Attachments – the email contains attachments and encourages you to open or download them. If you don’t recognise the sender or are not expecting an attachment, don’t click or open it.
- Links – before clicking on any links in an email, hover your cursor over the link to see the actual address it is trying to take you to. Again, if this looks suspicious or you don’t recognise it, don’t click or open the link.
- Sender’s email address – do you recognise the sender? Do they claim to be from an organisation but are emailing from, for example, a Gmail account?
- Sender’s email signature – does their email signature match the details in their email address? Do they have a full name, job description, and company information such as company registration number, telephone numbers etc.?