“Me? Fall for a phishing scam? Never!”

You may believe you’re somewhat cybersmart, enough not to fall for a phishing scam… until you get hooked and fooled in a fateful oversight. It happens to the best of people; just pray you don’t become prey as well. Statistically, it’s safe to say many South Africans are insecure online and may not be well-versed in cyber threats such as phishing. As many as 1,031,006 people fell victim to phishing attacks in only the first half of this year. Yes – a whopping million people and more, in under a year!

Over the past year, email security provider Mimecast saw a 64% rise in email threats. The reality is that your inbox may be the next target for phishers whose modus operandi is email scams. The whole world uses email regularly, to share information formally and to sign up for online services, from online banking to subscription-based services. In a day, 78 billion emails are exchanged, the majority of which are spam, according to Mimecast.

What is phishing and how does it work?

Whether for personal use or organisational use in the workplace, email is a key gateway to highly sensitive data, and that’s why hackers continue to make millions of dollars through phishing attacks. But what is phishing exactly? It’s when a hacker impersonates a company that you’re likely familiar with and trust, and baits you with a carefully crafted, authentic-seeming message that directs you to perform some action urgently. The end goal is to collect sensitive data such as bank account credentials – you can figure out the rest.

A phishing attack doesn’t just have a bearing on you as an individual, leaving you compromised personally – it could have a very detrimental impact on the organisation you work for – and you don’t want that on your head. This kind of cyberattack is the leading cause of data breaches, accounting for 90% of them. Imagine a data breach that could cost a company somewhere in the millions, all resulting from your rookie error…

One thing is for sure: hackers are hungrier than ever, constantly fishing for user credentials and devising phishing attacks to take advantage of unsuspecting, probably inexperienced people. As an employee, you alone could be that weak point in an organisation’s cybersecurity efforts. 86% of organisations have had at least one user try to connect to a phishing site. One phishing email lands in your inbox and, next thing, you’ve put the entire business at risk!

Phishing attack implications for your organisation

The State of Email Security Report 2021 by Mimecast suggests that email remains the most popular way to try to sidestep a business’s defences. Hackers therefore use phishing to achieve their goal of obtaining sensitive data. A simple oversight and you could compromise your organisation big time. With phishing emails sometimes not so obvious at first glance, even people who should know better end up falling for the scam.

Recall the infamous case of former White House Chief of Staff and Hillary Clinton’s presidential campaign chair, John Podesta, in 2016. For someone of such a high profile, and in such a high office, one would think a phishing attack couldn’t happen to them. Podesta fell for a phishing scam which resulted in a data breach involving tens of thousands of emails being exposed, including those about the presidential campaign.

Good ol’ Podesta had received a very well-designed email from ‘Google’ which claimed that someone had attempted to log into his account and had his password. Naturally, the first thing you want to do in that instance is secure your email immediately. Podesta clicked on the link to change his password, which was the wrong move! To be fair, he had first sought the advice of IT staff, who were also duped by the email, so he went ahead and reset the password, only to get hacked. Podesta unfortunately took the bait and was caught.

Why ‘phishing’ anyway?

And why is it called ‘phishing’? Well, it’s analogous to angling: it draws on the idea of a fishing line with a baited hook being thrown into a sea of oblivious internet surfers, in the hope that a victim will bite. The bait is a deceptive message.

A phishing email typically carries one of two elements: a link or an attachment. The link redirects you to a fake webpage asking for personal information such as your passwords (which is what happened to Podesta). Alternatively, downloading the attachment may install malware on your computer.

While email has been the predominant method, phishing has evolved to include other communication channels such as telephone calls or text messages. But email remains the primary method for phishers.

Tips to fight phishing attacks

Don’t take the bait. The following steps will help you avoid a catastrophe resulting from a phishing attack.

  • Take a cybersecurity awareness course – that way you will have broader knowledge about cybersecurity. Such training is essential in order to know the dos and don’ts when it comes to handling cyber threats such as phishing, for your own good and the greater good of the organisation.
  • Read suspicious emails carefully before you take any action, especially if the message gives you an odd directive such as a password request. Do not be quick to click any link or open attachments.
  • Try to keep abreast of the latest phishing techniques so that you know not to fall for the trickery.
  • Verify the security of a site before submitting any sensitive financial information. Ensure the URL begins with “https” and a closed lock icon appears in the address bar. Mind you, a legitimate organisation such as your bank will never request such sensitive information via email, to begin with.
  • Make use of spam filters to block unwarranted emails.
  • Use updated antivirus software.
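The “read carefully” and “check the URL” tips above can be partly automated. The following Python script is an added example, not part of the original article: it parses a constructed sample message (every address and hostname in it is a made-up placeholder, and the names analyse_message, LinkExtractor and RISKY_EXTENSIONS are my own) and flags the three things the article warns about: a link that is not https, a link whose visible text shows one host while the real destination is another (the “change your password” trick used on Podesta), and an attachment with an executable extension.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phishing email). The sender, the
# link target and the recipient are placeholder names under .example/.org.
SAMPLE_EMAIL = """From: Google Accounts <no-reply@accounts-google.example>
To: user@example.org
Subject: Someone has your password
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Someone just used your password. Change it now:</p>
<a href="http://accounts-google.example/reset">https://myaccount.google.com/security</a>
</body></html>
--B1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--B1--
"""

# Attachment extensions that run code when opened (hypothetical short list).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta", ".lnk"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse_message(raw):
    """Return a list of human-readable findings for one raw email message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            extractor = LinkExtractor()
            extractor.feed(part.get_content())
            for href, text in extractor.links:
                target = urlparse(href)
                # Tip: the real destination should at least be https.
                if target.scheme != "https":
                    findings.append(f"non-https link: {href}")
                # Tip: visible text that looks like a URL must match the href.
                shown = urlparse(text)
                if shown.netloc and shown.netloc != target.netloc:
                    findings.append(
                        f"link text shows {shown.netloc} but goes to {target.netloc}"
                    )
        # Tip: attachments that execute code are the second phishing element.
        filename = part.get_filename()
        if filename and any(filename.lower().endswith(e) for e in RISKY_EXTENSIONS):
            findings.append(f"executable attachment: {filename}")
    return findings


if __name__ == "__main__":
    for finding in analyse_message(SAMPLE_EMAIL):
        print("FLAG:", finding)
```

Note that the https check on its own is weak evidence: a padlock only says the connection is encrypted, not that the site is legitimate, which is why the script also compares the host the reader sees with the host the link actually goes to. Run it over a saved .eml file by passing the file’s contents to analyse_message instead of SAMPLE_EMAIL.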

The need for cybersecurity training

It is essential to know how to protect yourself against cybercrime in general. As the world becomes increasingly virtualised, cyber-attacks such as phishing have increased at an alarming rate, costing businesses around the world millions in financial loss and in damage control through the deployment of cybersecurity measures.

Cybercriminals’ tactics have become more sophisticated, and cybersecurity awareness is needed to counter the efforts of threat actors and to ensure that individuals, businesses, organisations and governments are protected from the scourge of cyber threats. As an employee, you need to meet your organisation halfway and take responsibility. Your organisation has probably already invested a lot of money in cybersecurity, but it’s also up to you to be careful so as not to cost the company, or yourself, through ignorance – literally handing sensitive information to thieves by way of deception. Do your part and learn about phishing and cybersecurity in general.
