There has been a significant and constant rise in phishing attacks. They are becoming more effective and they are continuing to target more people.
that almost 30% of the people targeted by phishing email scams went on to open the email, and a further 13% went on to open the subsequent link, which is high considering any percentage is too high.
No one is safe. Data breaches and data leaks have affected retailers, banks, US internal revenue service and universities, all off the back of phishing attacks.
The term “phishing" is basically a hacker’s phrase for conning an online user, usually through email, with the aim of tricking them into revealing valuable information such as passwords, account numbers etc, or even downloading malware onto their PC. In other words, an online robbery.
These attacks are usually email-orientated on the basis of how easy it is for the scammers to impersonate other individuals, with fake return addresses included. There are four main kinds of phishing attacks:
This is an attempt to gain access to information, the likes of usernames, passwords and credit card details, by pretending to be someone you’re not, and hiding as a trusting entity through email.
Spear phishing is similar only as it is specifically directed at individuals or specific companies. Like hunters, they sought out their prey and they attack with accuracy. This technique of phishing is by far the most successful scam on the Internet today, as it makes up 91% of online attacks.
This is a phishing attack where, a formerly legitimate email containing links, has been taken and used to create an identical fraudulent email. Replacing the original link with a new malicious link, this is then sent from a fake email address, in an attempt to appear to come from the original email address.
Whaling are the kind of attacks that are aimed at higher end personnel within companies, the likes of senior executives CEOs and CIOs. In this instance, the masquerading email usually takes the form of a customer complaint or an employee issue, in order to gain their attention. People in this position usually tend to have more valuable information and more financial power.
Overall, phishing attacks produce two main victims. For example, the person who is being attacked and the company who is being impersonated. Essentially, if you were to receive an email that appears to be from your university, and it asks you to freely give up passwords and personal information - you have become a victim of fraud. Furthermore, the reputation of the university has been compromised and you are less likely to trust any genuine emails from your university from here on in.
Phishing attacks are very real and they are only going to become a bigger threat, so remember to be vigilant and educate yourself and your organisation on the subject.
Organisations can protect themselves against these types of phishing attacks by making sure that all of their employees are trained to watch out for suspicious activity.