Claranet | What Is Phishing

Issue link: https://insight.claranet.co.uk/i/1308886

Contents of this Issue


Page 1 of 5

2 Executive Summary Phishing, a form of cyberattack based on social engineering, is the top security risk for organizations today. Phishing techniques range from mass email blasts and text messages to targeted attacks against individuals with highly valuable information. Counterfeit websites play a prominent role in phishing exploits, imitating trusted websites and companies to instill confidence in potential victims. Organizations can defend against phishing attacks with email security solutions and web address filtering. However, the most effective countermeasure is a trained and diligent employee. Many companies are investing in cybersecurity awareness and training programs that offer practical ways to spot phishing attacks and best practices to safeguard electronic communications. What Is Phishing? Phishing is a form of social engineering in which an attacker masquerades as a trustworthy entity and tries to persuade, scare, or threaten the recipient to take a specific action or reveal personal information that leads to a security compromise. Phishing attacks use email, text messages, social media posts, voice communications, and other media. Often, they contain links to counterfeit websites designed to trick them into revealing sensitive information such as usernames, passwords, account numbers, and credit card details. More than a decade after its first appearance, phishing remains the most common type of cyberattack. In a recent survey, 96% of organizations say that email phishing scams pose the biggest security risk, followed by end-user carelessness (76%) and social engineering (70%). 2 Supporting this finding, a detailed analysis of 750 security incidents found that phishing was the top category (37%). 3 Who Is at Risk? Virtually anyone in the organization who uses email, texting, instant messaging, social media, or voice communications is a potential phishing victim. In the past, attackers sent out thousands or millions of phishing emails in the hope of snaring a few victims. Recent years have seen a shift to more targeted techniques such as spear phishing and voice phishing (vishing). Today, phishing attacks increasingly target executives, both because their contact information is often publicly accessible, and they are more likely to possess valuable data. Cyber criminals then use stolen email credentials from the executive to send authentic- looking messages requesting employees to wire money to offshore accounts or commit other kinds of fraud. Business email compromise (BEC), a scam involving unauthorized wire transfer, accounted for more than $1.2 billion in losses last year. 5 1. Customer information 2. Financial information 3. Strategic plans 4. Board member information 5. Customer passwords 6. R&D information 7. M&A information 8. Intellectual property (IP) 9. Nonpatented IP 10. Supplier information 4 Most Valuable Information to Cyberattackers Executives see phishing as the number one cybersecurity threat to their organizations. 1

Articles in this issue

view archives of eBooks - Claranet | What Is Phishing