How phishing works

Over 90% of successful hacks and data breaches start with phishing scams – but do you know how phishing works?

Phishing is a threat to every business across the world and can happen when fraudsters try to trick you into sharing sensitive information online. They might impersonate a legitimate company, colleague, friend, or a family member.

Read on to discover how phishing works and how to quickly spot the top phishing techniques.

Information fraudsters phish for:

Usernames and passwords
Bank account details
Personal Identification Numbers (PINs)
Credit card numbers
Your birthday
Security questions and answers

Top phishing techniques to look out for

Technology is becoming more advanced; but, in turn, cyber criminals continue to look for new methods to try to obtain information. Here are some of the ways they do this…

Spear phishing

Think of spear phishing as professional phishing – it’s much more targeted. The hacker will have access to a certain individual or organisation they want to compromise and will search for more valuable information than credit card data. They’ll make the attack more personal by looking into their target for higher chances of success.

Suspicious emails

The most common type of cyber attack is a phishing email. Hackers tend to send users a message which requests them to complete a form, the details of which can then be used for their illegal activities. Users are usually directed through a new service link provided in the email, or the message will have an urgent note to enter credentials to update the account.

Web-based delivery

The hacker is in-between the original website and the phishing system – one of the most sophisticated forms of phishing. Transactions made are traced between the legitimate website and user, and then the information is passed along.

False links

A phisher might send a link to a fake website and manipulate a user into clicking on it. This one is easy to avoid – make sure you hover your mouse over a suspicious link to view the web address.

Advertisements

Known as ‘Malvertising’, an active script is designed to be downloaded by the end user to force unwanted content onto a computer, which is usually in the form of an Adobe PDF or Flash file.

Texts and calls

A phisher makes a phone call to the user and asks them to dial a number – voice phishing. They intend to get personal information, e.g. bank details, through the phone and use fake caller IDs. Similarly, they can send SMSs to a user’s mobile device and attempt to entice them to follow links, in the hope that they’ll reveal their personal details.

Ransomware

There are many types of ransomware and these attacks can literally cripple businesses, with data being locked and under the control of the cyber criminal. The user is usually tricked into clicking on a link, opening an attachment or clicking on an advertisement.

How safe and secure is your data? Are your backups up-to-date and restore-tested? No business is immune to phishing. If you want to test the security of your IT and technology, we can help.