What’s a Phish?
I was reviewing my junk mail folder the other day, looking for “false positives”. You know, those emails that get caught by your SPAM filter, the ones that you’ve been waiting on to finish a project. Well, I came across one in particular that made my heart jump up into my throat. It started out with my username and listed an old password that I hadn’t used in years, but it was enough to catch my attention. How easy it is to fall for these types of phishing attempts. They scare you just enough that you’ll click on the link to see what they really have.
According to a recent article that I read, 91% of cyberattacks begin with phishing emails. So what exactly is “phishing”? Well, as the name implies, it’s not much different from regular fishing. A hacker will entice you with bait (aka click bait), hoping you’ll bite. Phishing takes place when a malicious email or attachment is sent to you in the hope that you’ll fall for its cleverly crafted prose and interact with the sender on some level, believing that the email has come from someone you know or trust.
We all get busy and are rushed to complete projects, or respond to important emails and get information out as quickly as possible. I’ve been there, done that, and I’ve already lost several of the t-shirts. Believe it or not, hackers know this; in fact, they are COUNTING on it. They want you to breeze over and click or respond out of habit, rather than taking the time to verify the source.
Unfortunately, there really isn’t a “silver bullet” to prevent malware attacks such as these. Large organizations can spend hundreds of thousands of dollars to implement cyber-security hardware and other prevention systems. Hackers know this and are bypassing the locked gate to find someone who can unknowingly let them in by other means, and it’s working.
But there are steps organizations can take to greatly reduce the risk:
- Consistent periodic training – Enable your team with consistent cyber security awareness training to keep them up to date on the latest threats and how to identify them.
- Internal phishing tests with immediate training feedback – What better way to train than by testing? It’s better to learn from a harmless phishing attempt that provides immediate feedback on what to look for to help your team identify and avoid malicious emails.
- Sandboxing or similar 3rd party service – Sandboxing services detect and monitor email with attachments and links, opening them within a secure environment to verify their authenticity, before they reach your inbox!
Cynergy Technology can provide these services and more! Don’t face these threats alone. Let us help you find the right solution for your business.