Don’t Get Phished!
Phishing is the dark art of delivering a file or link through an email by tricking the user to click on link and then gaining the sensitive information of that user.
95% of breaches occur through phishing and attackers use this means to taking advantage of users and devices. For accessing businesses sensitive information, like password and other credentials, phishing is public enemy number one. It can be devastating to a business, not only the reputation but also in terms of financial loss as well. For a hacker this is an inexpensive way of attack making it a highly lucrative for a hacker if ransomware is deployed. With all the best defences and technology, it still boils down the recipient who is receiving the phishing email, that would be you or your employees, they are your last line of defence, so training is important in any business.
An attacker can fail to gain access 100 times, but one single breach to your business is one too many.
The key to Phishing
The attacker will engage the end user or recipient by any means possible and these could be in terms of:
The attacker will instruct the recipient to update the credentials immediately, for example their company payroll information needs updated and if not completed they could lose out on their monthly wages, putting fear into the recipient that this has to be done with great urgency.
Making an offer to the recipient for a monetary reward if they complete this survey for example, they will get £50 to spend instore.
For example, an email sent by an “actor” from the companies HR department telling the staff of its future hiring plans for the next year – click on this link to find out more.
This is also a type of phishing but is targeted at a company executive or someone with authority within the company. For example, an actor will pretend to be a director and send an email to the accounts department instructing them to pay XYZ company £££. A lot of the time these emails will also have links within them and have malware to infiltrate a system.
Defending against Phishing
There is no silver bullet, but you can build some layers of defences within your business, like staff training, using multi factor authentication or email and spam gateways – remember one attack is one to many.
If you would like to get some more information or are concerned about the cyber security of your system, please get in touch with Control IT Solutions on 01738 310271