Social engineering serves as an open back door for cybercriminals. Attackers don’t need an elaborate plan to get into a company’s system: phishing can guarantee their goal will be achieved. According to Verizon’s 2021 Data Breach Investigations Report, this attack topped the list of breaches in 2020 with 38%. That explains the serious financial losses companies suffer due to phishing. Let’s find out what it is and how to identify it.

What is Phishing?

Phishing is a type of cyber attack in which criminals use social engineering techniques to steal user credentials, for example through fake emails that appear to come from famous companies and services.

The outcome of phishing is devastating: huge financial and data losses, serious damage to reputation, and the risk of losing customer trust. According to UK research, 60% of companies suffered from fraud in 2020, with an average loss of £245,000.

Phishers prefer to expose data from companies connected with technology, shipping, and retail. However, other sectors are also at risk. And attackers are quite unpredictable – organizations of all sizes can become their victims.

 

How Does Phishing Spread?

Verizon’s report also found that email is the most common way to deliver phishing, at 96%. Criminals do their best to trick users and lure them into giving up their personal data. Attackers impersonate well-known companies, and every single detail comes in handy: logos, domains, URLs, pictures, websites, text, forms. And users fall for the trick.

According to Check Point, Microsoft (43%) is the most mimicked brand around the world: sign-in forms, references in emails, links to sites. The picture below shows a malicious example that abuses this company’s branding.

[Image: Microsoft phishing page]

In 2019, phishers even created a fake Netflix sign-in form. Users were prompted to enter their login and password, which were then stolen.

[Image: Netflix phishing sign-in form]

This scenario is quite successful. Office 365, Adobe, Twitter, Amazon, and Zoom are among the usual services that crooks make use of. These decoys look legit, and only attentive users who suspect fraud can be safe.

 

How to Identify Phishing Scams?

There are several ways to recognize that an email is fraudulent and part of a phishing attack:

Public Domain Email Address

Legitimate companies usually send emails from their own domains. If you get an email from an “@gmail.com” address, pause: it’s likely phishing.

Mistakes

Trustworthy organizations have well-written emails and good grammar. Spelling and grammar mistakes are red flags that you shouldn’t ignore.

Attachments

Companies usually direct you to their website for additional information and don’t send random files. If there is an unexpected attachment in your inbox, you should be on the lookout.

Greetings

If you work with a company, its emails will address you by name. Attackers typically use no greeting at all or a generic salutation such as “Dear valued customer” or “Dear account holder.”

Links

Authentic institutions will provide legitimate URLs. But a link that says it will send you to a particular site won’t necessarily take you there. If a hyperlink contains mistakes or doesn’t correspond to the message’s topic, you shouldn’t click on it.
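The signs listed above can also be checked mechanically on a raw message. The Python below is an added example, not code from the original article; the public-domain list, the `example.*` hosts, and the function names are assumptions made for illustration.

```python
import re
from email import message, message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed sample list
GENERIC_GREETINGS = ("dear valued customer", "dear account holder")  # from the article

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)  # reset at every <a>, read at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_signs(raw):
    """Return the article's warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    signs = []
    addrs = msg["From"].addresses if msg["From"] else ()
    if addrs and addrs[0].domain.lower() in PUBLIC_DOMAINS:
        signs.append("public-domain sender")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if any(g in text.lower() for g in GENERIC_GREETINGS):
        signs.append("generic greeting")
    if next(msg.iter_attachments(), None) is not None:
        signs.append("attachment")
    collector = LinkCollector()
    collector.feed(text)
    for href, shown in collector.links:  # compare only host-like visible text
        m = re.match(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", shown.lower())
        if m and m.group(1) != (urlparse(href).hostname or ""):
            signs.append("link text does not match target")
    return signs

def constructed_sample():  # constructed message; example.* hosts are placeholders
    m = message.EmailMessage()
    m["From"] = "Support <support.team@gmail.com>"
    m.set_content('<p>Dear valued customer,</p>'
                  '<a href="http://login.example.net/x">www.example.com</a>', subtype="html")
    m.add_attachment(b"x", maintype="application", subtype="octet-stream", filename="invoice.bin")
    return m.as_string()
```

Each hit is a reason to look closer rather than a verdict: legitimate mail can carry attachments, and a phishing email can avoid every one of these signs.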

 

How to Prevent Phishing?

Staff education is an essential part of protection against phishing attacks. If employees follow simple cybersecurity rules and stay suspicious of the content they receive, phishing won’t achieve its goal.

Here are some tips we would like to offer to avoid scams:

    1. Two-factor authentication and regularly changed passwords should be a part of the security policy.
    2. Keep software, including antivirus, up to date: current programs have advanced protection.
    3. Check suspicious links and attachments. Don’t open anything until you are certain what exactly is in front of you. Review the content of a file without harming your computer by using a sandbox such as ANY.RUN. In a couple of minutes, the verdict will tell you whether you can trust the resource or not.

 

Cybercriminals use different techniques and brand names to organize phishing attacks. To identify the fraud, you need to be aware of where to find its signs. Be attentive enough, use modern tools and stay safe!
