The more organisations understand about how to prevent data phishing the better; after all, 4 in 10 businesses (39%) and more than a quarter of charities (26%) report having suffered cyber security breaches or attacks in the last 12 months according to a recent government survey.
Indeed, when we add-up the cost of cyber-crime to UK businesses (which, astoundingly, reached £87 billion 2015-20) and consider the phishing attack increase seen throughout the covid-19 pandemic (as if businesses didn't have it tough enough during this time!), it's clear that the phishing threat isn't going away any time soon. Therefore, business leaders should act accordingly to protect their assets, brand reputation, and data.
Phishing is a hacking technique where 'bait' – often in the form of an 'urgent' request for information from a seemingly trustworthy source – is emailed or texted to users.
It involves tricking the user into clicking upon false links that redirect to a fraudulent, yet convincing-looking, website. The fake site captures any personal data you enter, which the hacker can then use to log into your actual account.
By and large, phishing emails are mass-sent to thousands of recipients at random, in the hope that at least one or two people will fall for the trick (maybe they're busy and distracted at work, for example, a very good reason to refresh phishing awareness training regularly!).
A similar, yet more targeted, scam known as 'spear phishing' is slightly more artful. Spear phishing is designed to target a specific individual, often inside a particular organisation that hackers have chosen to infiltrate, and it often involves differing levels of social engineering to craft targeted attacks. Find out more about common types of phishing attack here.
Phishing and social media
Phishing might also occur across social media channels, and this isn't something businesses should overlook. After all, many members of staff use personal social media accounts during their break time or on their phone at work, and most organisations have professional social media accounts set-up to share company updates.
Hacked-accounts on social media might share links via a status update or private message - a method of phishing that's highly effective since users are more likely to trust links sent from people they know.
Another common phishing tactic on social media is fraudulent customer-service representatives or 'help desks' asking users to verify their identity, or claiming users' accounts are under attack and must be reset in some way. Of course, this always involves users sharing their login information with the fraudster.
In both these cases, people that re-use social media passwords for things like email accounts, work PCs, and online banking could find themselves in serious trouble if they fall for the con.
Data Phishing Prevention
Whatever platform hackers use, phishing messages usually incite curiosity or panic to bait vulnerable users. You can educate employees to avoid these sorts of phishing panic-attacks by offering regular cyber-security awareness training (including social media awareness training) designed to keep users alert and always wary of the messages they receive.
Designed to keep awareness levels high and offer additional phishing training to those who need it (i.e., those who don't pass the test), phishing simulators can boost your organisation's information security program and allow security professionals to monitor vulnerabilities.