What is Phishing
According to IBM, phishing attacks are fraudulent emails, text messages, phone calls or websites designed to trick users into downloading malware, sharing sensitive information or personal data (e.g., Social Security and credit card numbers, bank account numbers, login credentials), or taking other actions that expose themselves or their organizations to cybercrime.
According to the FBI, phishing emails are the most popular attack method, or vector, used by hackers to deliver ransomware to individuals and organizations. IBM’s Cost of a Data Breach 2022 report found that phishing is the second most common cause of a data breach (up from fourth most common last year), and that data breaches caused by phishing were the most expensive, costing victims USD 4.91 million on average.
Best Practices Against Phishing
- Spam filter
- External email notification heading
- Web filter
- Antivirus
- Regular user education
- Hover over links to review for validity
- Do not open attachments from unknown sources
- Call colleagues/vendors to verify requests
- Implement and follow processes for validating information
- Multifactor authentication
- Keep software up to date
- Back up data regularly
Avoiding Phishing Scams
According to the FTC, the following are signs that an email is a scam, even though it looks like it comes from a company you know and even uses the company’s logo in the header:
- The email has a generic greeting.
- The email says your account is on hold because of a billing problem.
- The email invites you to click on a link to update your payment details.
While real companies might communicate with you by email, legitimate companies won’t email or text with a link to update your payment information.
Phishing emails can often have real consequences for people who give scammers their information, including identity theft. And they might harm the reputation of the companies they’re spoofing.
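The three FTC signs and the "hover over links" practice above can also be checked mechanically when triaging reported mail. The following is an added example, not code from the FTC or the original page; the keyword patterns, the names `ftc_signs`, `Body` and `host`, and the sample message with its placeholder domains are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Patterns for the FTC signs; the word lists are assumptions, not FTC text.
GREETING = re.compile(r"^\s*(hi|hello|dear)\s+(dear|customer|user|member)\b", re.I | re.M)
ON_HOLD = re.compile(r"\b(on hold|suspended)\b.{0,80}\b(billing|payment)", re.I | re.S)
UPDATE = re.compile(r"\bupdate\s+(your\s+)?(payment|billing)", re.I)
URL_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$")

class Body(HTMLParser):  # collects visible text and [href, anchor text] pairs
    def __init__(self):
        super().__init__()
        self.text, self.links, self.in_a = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.in_a = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"
    def handle_data(self, data):
        self.text.append(data)
        if self.in_a:
            self.links[-1][1] += data

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def ftc_signs(raw):
    """Names of the warning signs found in one RFC 5322 message (str)."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = Body()
    body.feed(part.get_content() if part else "")
    text = "\n".join(body.text)
    # "Hover" check: anchor text that shows one host while the href goes to another.
    spoofed = any(URL_LIKE.match(t.strip()) and host(t.strip()) != host(h) for h, t in body.links)
    checks = {"generic_greeting": GREETING.search(text), "billing_hold": ON_HOLD.search(text),
              "payment_update_link": body.links and UPDATE.search(text), "link_text_mismatch": spoofed}
    return [name for name, hit in checks.items() if hit]

# Constructed sample message; every domain below is a placeholder.
SAMPLE = """From: "Example Video" <support@example-video.test>
Subject: Your account is on hold
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p><p>Your account is on hold because of a billing problem.</p>
<p>Update your payment details: <a href="http://pay.example.invalid/login">www.example-video.test/account</a></p>
"""
```

`ftc_signs(SAMPLE)` reports all four signs. Keyword heuristics like these are a triage aid for reviewing reported mail and will miss messages worded differently, so they complement the filtering and verification practices listed earlier rather than replace them.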