When you picture fishing, you may conjure up tranquil mental images of a little wooden boat on a peaceful lake with mountains sprawling throughout the surrounding areas. But phishing, on the other hand, is a far cry from such serenity.
By now, you've likely heard of phishing in some capacity; you may even know someone who's fallen victim to a successful attack. But, what is it, what should you look out for, and what should you do if you get caught on the hook of a hacker?
In simple terms, phishing is when an attacker attempts to lure a user into doing something - or clicking on something - that the attacker wants. Typically, this takes the form of a bad link that can install malware on the user's machine or direct them to a malicious website.
These days, attempts can occur via social media, text message or phone - however, the most common form of such attacks is through email. Usually, there aren't any specific targets with phishing attempts - a lot like actual fishing, the 'phishermen' (if you will) cast their bait in a general direction and hope for a nibble.
Once you're on the hook, they can install malware, sabotage your systems, or even steal intellectual property and money. Organisations of any shape and size aren't safe either - a simple Google search for 'phishing attacks' can attest to that.
Equally, there is a more targeted version of a phishing attack. Here, as the NCSC says, "the attacker may use information about your employees or company to make their messages even more persuasive and realistic", something that is referred to as spear phishing.
The ongoing conflict in Ukraine has led experts from Google's Threat Analysis Group (TAG) to issue a warning. A post on their site reads, "Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links."
When a subject dominates headlines globally in such a fashion, it's only natural to expect to see relevant links, posts and emails about it. However, it's imperative to exercise caution on all levels when browsing online - or risk paying the price.
Phishing attempts in their infancy were easy to spot - however, they're now getting increasingly hard to identify.
Cofense has put together a handy 10 step guide for things to look out for in a phishing attack. They are:
As mentioned earlier, phishing attempts can look indistinguishable from a genuine email. But the best form of defence is to be sceptical of everything that comes into your inbox.
The level of your defences - and optimising things such as 2FA - can be the difference between an incredibly costly phishing attack and a close call.
You should apply common sense and operate with more than an air of scepticism in some situations - for example, don't transfer a hefty sum of money because an email has asked you to. Pick up the phone and call your CEO or whoever is requesting the transaction and confirm it's genuine - or better yet, ask them in person. Hackers make a living out of exploiting people - don't be their next victim.
If you spot something that doesn't look right - or that you know is a phishing attempt - report it to the NCSC here.
Sometimes, the worst can happen, and you might click on a malicious link. What should you do if this happens?
If you're worried that your network has holes that could be laid bare by a phishing attack, why not get in touch with an MSP such as Fifosys and hear more about how we can help?
With 24/7/365 defences and state of the art monitoring, you can rest in the comfort of knowing that your systems are safe from malicious outsiders. We're only a phone call away.