In the last year, phishing attacks have seen a sudden rise as attackers continue to refine tactics and share successful types of attacks. In fact, 91% of cyber attacks and their resulting data breaches now begin with a spear phishing email message.
How Phishing works
Phishing covers more than just fake banking emails and package delivery alerts; it’s about convincing you to provide something valuable to the attackers. With one click, an unsuspecting user can download a number of harmful viruses and unknowingly compromise their company’s data and systems.
Phishing falls into three categories: spear phishing, mass phishing and business email compromise.
Spear phishing is where emails impersonating a specific sender or trusted source are sent to targeted individuals within organizations to try to get them to take certain actions, like sending money to spurious accounts.
Mass phishing takes advantage of a company’s brand name to try and lure the brand’s customers to hoaxed sites where they are tricked into parting with credit card information, login credentials, and other personal information that will be later resold for financial gain.
Unlike spear and mass phishing, business email compromise attacks target employee email accounts and bait employees into revealing company information. The attackers gather personal information about employees, then send emails from those accounts so that the messages seem believable. For example, you might receive an email from your boss’s email address asking you to transfer funds or send sensitive data.
The fight against phishing emails
With these increasingly bold cyber-attacks, it’s very hard to stay ahead of the game. A multi-layered defense against phishing is the only answer. This should combine both advanced security technologies and employee training. It is important to have strong email and web filtering, as this is the first opportunity to stop phishing.
Microsoft 365 security features such as Advanced Threat Protection provide real-time protection against malicious email attachments and malicious URL links. This will stop zero-day attacks. ATP comes as an add-on service for subscribers using Office 365.
Other real-time protection products are Sophos Email Protection and Sophos Web Protection, which act as email and web gateways to prevent phishing attacks.
According to research, your employees are your weakest link. Appropriate training and education are critical for ensuring that all your employees know how to spot and deal with these types of email messages.
KnowBe4, a security awareness training and phishing platform, offers security training to make sure employees understand the mechanisms of spam, phishing, spear-phishing, malware and social engineering, and are able to apply this knowledge in their day-to-day jobs.
Your last chance of stopping a cyber-attack, if one of your employees accidentally opens a phishing email, is anti-exploit and anti-ransomware protection. A good anti-ransomware security solution should identify, analyze and neutralize the effects of malware and automatically clear any trace of infection, leaving you to your work.
Here are ten signs that an email is a phish:
Here are ten signs that it is phish:
1. It just doesn’t look right. Is there something a little off with a particular email message? Does it seem too good to be true? Trust your instincts.
2. Generic salutations. Instead of directly addressing you, phishing emails often use generic names like “Dear Customer.” This use of impersonal salutations saves the cybercriminals time.
3. Links to official looking sites asking you to enter sensitive data. These spoofed sites are often very convincing, so be aware of what personal information or confidential data you’re being asked to reveal.
4. Unexpected emails that use specific information about you. Information like job title, previous employment, or personal interests can be gleaned from social networking sites like LinkedIn and is used to make a phishing email convincing.
5. Unnerving wording. Thieves often use unnerving wording (such as saying your account has been breached) to trick you into moving fast without thinking and in doing so, revealing information you ordinarily would not.
6. Poor grammar or spelling. This is often a dead giveaway. Unusual syntax is also a sign that something is wrong.
7. Sense of urgency. “If you don’t respond within 48 hours, your account will be closed.” By creating a sense of urgency, the thieves hope you’ll make a mistake.
8. “You’ve won the grand prize!” These phishing emails are common, but easy to spot. A similar, trickier variation asks you to complete a survey (thus giving up your personal information) in return for a prize.
9. “Verify your account.” These messages spoof real emails asking you to verify your account. Always look for signs of phishing, and always question why you’re being asked to verify – there’s a good chance it’s a scam.
10. Cyber-squatting. Often, cyber criminals will purchase and “squat” on website names that are similar to official websites in the hopes that users go to the wrong site, e.g. www.google.com vs. www.g00gle.com. Always take a moment to check out the URL before entering your personal information.
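Sign 10 is one that an email or web filter can check automatically. The sketch below is an added example, not part of the original article: it compares a link's host against a constructed allow-list and flags near matches such as www.g00gle.com. The allow-list, the look-alike character table and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the organisation really uses (assumption).
TRUSTED = {"google.com", "manageitafrica.com"}

# Digits often swapped in for letters in look-alike names (illustrative table).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def host_of(url):
    """Return the lower-cased host of a URL, without a leading 'www.'."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_link(url, max_distance=1):
    """Classify a link as 'trusted', 'lookalike of <domain>' or 'unknown'."""
    host = host_of(url)
    # Exact match or a genuine subdomain of a trusted domain.
    if host in TRUSTED or any(host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    folded = host.translate(CONFUSABLES)  # g00gle.com -> google.com
    for t in sorted(TRUSTED):
        if folded == t or edit_distance(host, t) <= max_distance:
            return "lookalike of " + t
    return "unknown"


if __name__ == "__main__":
    for link in ("www.google.com", "www.g00gle.com", "http://gooogle.com/login"):
        print(link, "->", check_link(link))
```

A "lookalike" result is a reason to quarantine or warn, while "unknown" only means the host is not close to anything on the allow-list.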
We have powerful security solutions that can protect your business at each stage of an attack. For more information visit: https://www.manageitafrica.com/security-solutions/ or write to us at email@example.com to know more about our solutions.