Phishing continues to be the most common form of cyber-attack due to its simplicity, effectiveness, and high return on investment.
Phishing is a type of online scam where criminals send out fraudulent email messages that appear to come from a legitimate source. The email is designed to trick the recipient into entering confidential information (ex: account numbers, passwords, pin, birthday) into a fake website by clicking on a link.
The email will include a link or attachment which once clicked, will steal sensitive information or infect a computer with malware. Cybercriminals will use this information to commit identity fraud or sell it on to another criminal third party.
Traditionally, phishing attacks were launched through massive spam campaigns that would have indiscriminately targeted large groups of people. The aim was to trick as many people as possible into clicking a link or downloading a malicious attachment. However, as the general public has become more knowledgeable about these types of scams, attackers have become more sophisticated and targeted in their approach.
A successful phishing attack can result in:
- Identity theft
- Theft of sensitive data
- Theft of client information
- Loss of usernames and passwords
- Loss of intellectual property
- Theft of funds from business and client accounts
- Reputational damage
- Unauthorised transactions
- Credit card fraud
- Installation of malware and ransomware
- Access to systems to launch future attacks
How to Prevent Phishing
MetaPhish, our phishing simulation sowftware, has been designed to provide customers with a powerful defence against phishing attacks by training employees how to identify and respond appropriately to these threats. The software contains a library of smart learning experiences such as infographics, notices and training videos and unlike other phishing solutions, the software allows the user to communicate back to the administrator.
MetaPhish enables organisations to find out just how susceptible their company is to fraudulent phishing emails and helps identify those users that require additional training.