What is Phishing?
According to IBM, phishing attacks are fraudulent emails, text messages, phone calls or web sites designed to trick users into downloading malware, sharing sensitive information or personal data (e.g., Social Security and credit card numbers, bank account numbers, login credentials), or taking other actions that expose themselves or their organizations to cybercrime.
According to the FBI, phishing emails are the most popular attack method, or vector, used by hackers to deliver ransomware to individuals and organizations. IBM’s Cost of a Data Breach 2022 report found that phishing is the second most common cause of a data breach (up from fourth most common the previous year), and that data breaches caused by phishing were the most expensive, costing victims USD 4.91 million on average.
Best Practices Against Phishing
- Spam filter
- External email notification heading
- Web filter
- Antivirus
- Regular user education
- Hover over links to review them for validity
- Do not open attachments from unknown sources
- Call colleagues/vendors to verify requests
- Implement and follow processes for validating information
- Multifactor authentication
- Keep software up to date
- Back up data regularly
Avoiding Phishing Scams
According to the FTC, here are signs that an email is a scam, even though it looks like it comes from a company you know and even uses the company’s logo in the header:
- The email has a generic greeting.
- The email says your account is on hold because of a billing problem.
- The email invites you to click on a link to update your payment details.
While real companies might communicate with you by email, legitimate companies won’t email or text with a link to update your payment information.
Phishing emails can often have real consequences for people who give scammers their information, including identity theft. And they might harm the reputation of the companies they’re spoofing.
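As an added example (not from the original article, nor from IBM, the FBI or the FTC), the following Python script turns the controls listed under Best Practices and the FTC warning signs above into a mail-triage check: it applies the "external email notification heading" control by tagging the subject of any message whose sender domain is not the organization's own, implements "hover over links" by comparing the URL shown as link text with the href it actually points to, and flags the three FTC signs (generic greeting, account-on-hold pretext, request to update payment details). The organization domain `example-corp.invalid`, the phrase lists, and both sample messages are constructed for this example; the `.invalid` domains and documentation IP address resolve to nothing.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed placeholder for the receiving organization's own mail domain.
OUR_DOMAIN = "example-corp.invalid"

# Phrase lists derived from the FTC warning signs on this page. They are a
# starting point for a triage rule, not a complete phishing classifier.
GENERIC_GREETINGS = ("dear customer", "dear user", "dear valued customer",
                     "dear account holder", "dear member")
HOLD_PHRASES = ("account is on hold", "account has been suspended",
                "billing problem", "problem with your payment")
PAYMENT_PHRASES = ("update your payment", "update your billing",
                   "confirm your payment details")

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_RE = re.compile(r"https?://[^\s<\"']+", re.I)
TAG_RE = re.compile(r"<[^>]+>")


def sender_domain(msg):
    """Domain part of the From: address, lower-cased ('' if absent)."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()


def tag_subject(raw):
    """External email notification heading: prefix the subject of any
    message whose sender domain is not ours, so users see it at a glance."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    if sender_domain(msg) != OUR_DOMAIN:
        return "[EXTERNAL] " + subject
    return subject


def body_text(msg):
    """Concatenate the text/plain and text/html parts of a message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def mismatched_links(html):
    """'Hover over links': return (shown, actual) pairs where the URL the user
    sees as link text has a different host than the href the link goes to."""
    mismatches = []
    for href, text in ANCHOR_RE.findall(html):
        shown = URL_RE.search(TAG_RE.sub("", text))
        if shown and urlparse(shown.group()).hostname != urlparse(href).hostname:
            mismatches.append((shown.group(), href))
    return mismatches


def triage(raw):
    """Return the list of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = body_text(msg)
    plain = TAG_RE.sub(" ", body).lower()
    findings = []
    if sender_domain(msg) != OUR_DOMAIN:
        findings.append("external sender")
    if any(g in plain for g in GENERIC_GREETINGS):
        findings.append("generic greeting")
    if any(p in plain for p in HOLD_PHRASES):
        findings.append("account-on-hold pretext")
    if any(p in plain for p in PAYMENT_PHRASES):
        findings.append("asks to update payment details")
    for shown, actual in mismatched_links(body):
        findings.append(f"link shows {shown} but goes to {actual}")
    return findings


# Constructed sample messages (not real mail). The link text shows a
# plausible billing URL while the href points somewhere else entirely.
PHISH = """\
From: "Acme Billing" <billing@acme-pay-secure.invalid>
To: jane@example-corp.invalid
Subject: Action required: your account is on hold
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>Your account is on hold because of a billing problem.</p>
<p>Please visit <a href="http://198.51.100.23/login">https://www.acme.invalid/billing</a> to update your payment details.</p>
</body></html>
"""

LEGIT = """\
From: "IT Helpdesk" <helpdesk@example-corp.invalid>
To: jane@example-corp.invalid
Subject: Maintenance window on Saturday
Content-Type: text/plain; charset="utf-8"

Hi Jane,

The VPN gateway will be patched Saturday 02:00-04:00. No action is needed.
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, "->", tag_subject(raw))
        for finding in triage(raw):
            print("   -", finding)
```

The link check is the part users cannot reliably do by eye: the visible text is a believable URL, and only the href tells the truth, which is exactly what "hover over links" asks a person to notice. Phrase matching alone produces false positives on legitimate billing mail, so in practice these findings feed a user-visible warning or a reviewer queue rather than an automatic block.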
