Phishing: Everything you need to know to avoid getting hooked

Ransomware, spyware, and computer virus infection rates have gradually increased over the years. Many believe it’s because hackers are getting better at concocting potent strains of malware that can slip past antivirus software and firewalls.

While this is partly true, the biggest reason malware infections have soared is phishing, a scam that uses spoofed emails to trick users into giving away sensitive information or, in this case, downloading a malicious program.

Origins of phishing

The first wave of phishing attacks started in 1995, when hackers sent fraudulent account verification emails to users while posing as AOL employees. Though they weren’t particularly sophisticated, the emails still managed to lure many people into giving away their login credentials and billing information.

Soon after, other hackers created phishing scams of their own, hoping to recreate the success of the first scam. One of the most popular involved “Nigerian prince” emails, whereby a hacker posing as royalty implored email recipients for help in transferring millions of dollars out of Nigeria, promising to reward them with a portion of that amount in return. Victims who fell for the hoax shared their bank information, social security number, and other private data, which the hacker then used to empty their bank account.

While these types of scams are laughably obvious today, modern iterations of phishing continue to be the most frequently used attack method.

According to cybersecurity firm PhishMe, 91% of cyberattacks start with a phishing email. What’s more, a recent study found that phishing scams cost US businesses approximately half a billion dollars a year.

What a modern phish looks like

The elements of modern phishing attacks are still very much the same as those of the AOL scams. In order to fool users, hackers still masquerade as a legitimate entity like a bank teller, a friend, or a CEO. The most significant difference between then and now is the sophistication of the email.

Unlike the Nigerian prince email, which was riddled with spelling mistakes and grammar errors, a modern phish looks professional, uses a trustworthy address, and displays the logo of the company it is pretending to be. The body of the email (or the bait) is much more enticing to readers these days, too, preying on their curiosity, creating a sense of urgency, and promising an irresistible reward.

Scammers even perform background research on their targets to increase their chances of success. A recent example of this happened in March, when a fake FedEx email urged users to download and fill out a malware-ridden attachment to receive their overdue package.

And considering people’s tendency to over-share personal details on social media, it’s not hard for con artists to dig up specific information that can earn their targets’ trust.

How to defend against phishers

As cunning as phishing emails are, they’re entirely avoidable with the right defenses. Investing in email filtering, anti-phishing programs, and anti-malware protections prevents a large portion of phishing scams from reaching your inbox, and reduces the chances of employees being unwittingly victimized.

Standard cybersecurity precautions like enabling multi-factor authentication and using unique passwords stop hackers from hijacking all your accounts should they manage to get one set of login credentials from you or your employees.

Backing up your data is also crucial in case someone accidentally downloads an attachment containing ransomware or other data-destroying programs.

However, even with the toughest security framework in place, there’s no guarantee that your employees won’t get duped by the latest phishing scam. The key to protecting your business is security training. Teach your employees how to identify common phishing scams, alert them to new ones circulating the web, and warn them about the dangers of over-sharing personal data online.

Ideally, you want to conduct these seminars monthly to keep your staff vigilant at all times, and Founders Technology Group can help.

Your employees are the most vulnerable aspect of your business, but they don’t have to be. Call Founders Technology Group today for more information on how you can defend your staff and your business from phishing and other online scams.