New cybersecurity threats are emerging all the time but there’s one scam, in particular, that everyone should know about – phishing. Phishing costs US businesses and individuals a combined half a billion dollars annually, and it’s hard for organizations to recover from the reputation damage. So, what is phishing and how does it affect your business?
What is phishing?
Phishing is a type of cybercrime in which hackers pose as legitimate individuals or companies and lure people into sending them confidential information. The damaging results of phishing attacks include:
- Financial harm
- Data loss
- Reputation damage
- Identity theft
Phishing is a real problem for businesses and individuals everywhere because attacks are often hard to detect, and their full impact on your network is hard to identify.
How phishing works
In phishing, hackers send emails, telephone messages, and text messages to targeted recipients to gain access or information. These messages use deception or urgency to trick or influence people to:
- Click on malicious links
- Follow a fraudulent URL
- Reveal sensitive data, such as passwords
Some scammers target hundreds of thousands of recipients through mass-mail scams. Others target very specific individuals.
Common phishing attacks
Here’s a brief rundown of the 6 most common electronic phishing scams circulating today.
Traditional phishing is still the most common phishing scam around. Hackers send mass phishing emails to many recipients. The hackers pretend to be someone else and encourage the recipient to take a certain action, whether it’s clicking on a link or downloading a program.
The headers and email addresses often look legitimate because they’re “spoofed” from familiar or recognized sources. This makes some phishing emails tricky to spot at first glance.
Spear phishing is an alarming scam because it’s personalized and extra effort has been taken to make the messages look legitimate.
With spear phishing, an email arrives from a seemingly trustworthy source. The recipient then clicks on a malicious link or follows a fraudulent URL to a compromised site where hackers gather sensitive data to compromise a network.
Unsurprisingly, spear phishing usually targets high-ranking individuals within an organization. Spear phishing isn’t a broad, scattershot approach – it’s organized and calculated for a specific result.
Smishing is a relatively new type of phishing attack. With smishing, hackers send users an SMS. The message deceives the person with a promised reward, such as having won a prize. The person must take action and provide information (call a number or send an SMS containing certain data) to claim the prize. They may even be asked to click on a link.
Vishing simply means “voice phishing,” which pursues targets by phone. Hackers pretend to be banks or other legitimate institutions leaving automated messages. These messages typically ask people to call a certain number, for example, to complete a security check.
When people call the number, they’re speaking to hackers who gather their information under the guise of helping them update their account, avoid trouble, or fix a mistake in their records.
With malware phishing, hackers send people emails containing infected links. When someone clicks on this link, an automatic download adds malware onto their system. Malware phishing typically affects organizations that lack the latest anti-malware and antivirus software.
In pharming, hackers alter a company’s hosts files or its domain name system (DNS). After this happens, users unknowingly visit a fraudulent website that looks entirely legitimate – it even has the correct URL – but is controlled by hackers who collect any data entered by visitors.
Pharming is a particularly worrying offshoot of phishing because everything looks legitimate and the takeover happens in the background, often completely undetected by network users or even administrators. It’s similar to spear phishing, though it doesn’t necessarily target an individual.
Phishing attacks are evolving all the time. It’s easy to fall into one of these traps, which is why you must know how to protect yourself and your business from these scams.