Author: Clarissa Vosloo

Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. The information is then used to access important accounts and can result in identity theft and financial loss (Phishing.org).

The Ins and Outs

How does it usually happen?

Generally, emails sent by cybercriminals are masked so they appear to be sent by a business whose services are used by the recipient. A bank will not ask for personal information via email or suspend your account if you do not update your personal details within a certain period. There are also different types of phishing to be aware of:

Spear phishing: Targets a specific group or type of individuals such as a company’s system administrators.

Whaling: Can be an even more targeted type of phishing, as it goes after the whales – the big fish in the corporate world. Whaling usually targets the CEO, CFO or any Cxx within an industry. These attackers craft a message to the CEO, CFO or Cxx about something that could have a major negative impact on the company and its reputation; for example, they would say the company is being sued.

Smishing: Smishing uses a shorter message, in the form of a text message rather than an email, to grab your attention immediately. One of the most common scenarios is a message that looks like it is from your personal bank but is instead from an attacker trying to get hold of your bank account number.

Vishing: Here, the spelling and pronunciation tell us how this attack usually takes place: it is phishing carried out through a voice call.

Email phishing: Lastly, the most common type of phishing since the 1990s. Hackers don’t mind whom they send the phishing emails to, so their target is anyone and everyone – including YOU and ME. An easy way to identify this kind of attack is the use of the English language – it is usually unclear or incorrect. Apart from the grammar (which can also be carefully crafted), checking the email source and the link that you’re being directed to can give you a fairly accurate indication as to whether the source is suspicious.

For what reason do they do it?

The motivations for cybercriminals can be quite simple. The two that make up the huge majority are money and information. According to a Verizon Enterprise report, financial and espionage-driven motives make up a full 93% of the motivation for attacks. Aside from that, the less frequent but broader set of motives is often categorized as “FIG” (Fun, Ideology, and Grudges) (Tanny, 2018).

  • Money
  • Competition
  • Political Motivation
  • FIGs

Image: provided by appknox

How to prevent phishing?

  • Use spam filters to protect yourself against spam mail. These filters assess the origin of the mail and determine whether it might be spam.
  • Change your browser settings to prevent fraudulent websites from opening. Change settings to only allow reliable websites to open.
  • One simple way to stay secure is to change your online passwords regularly and never use the same password for multiple accounts. For added security, use a CAPTCHA system.
  • Use monitoring systems to prevent phishing attacks. Organizations should provide security awareness training to employees so that they can recognize the risks easily.
  • Changes in browsing habits are required to prevent phishing. If verification is required, always contact the company personally before entering any details online.
  • The addresses of secure websites with a valid Secure Sockets Layer (SSL) certificate begin with “https.”

How can WE help you?

We have a cost-effective way of training staff on cyber security. We can provide reports on company progress and how staff are learning. The cost-effective email security protects businesses from phishing attacks and email spoofing and provides advanced threat protection. This system also promotes staff efficiency and productivity (the ability to remove social media and shopping mail) (van Zyl & Brooks, 2021).

For more information and assistance to ensure your online security, contact iTRINITY consulting today!