Phishing is an email scam designed to trick the recipient in to giving valuable information to a hacker. Have you ever received invoices claiming money owed, unsolicited UPS or FedEx shipping notifications, or emails claiming your online bank password needs to be reset? These are phishing emails trying to reel you in by imitating legitimate businesses and their communications; once you click the link or open the attachment the hacker has set the hook. Here are some Google Image examples of phishing emails: http://bit.ly/2qkHAOU.
Business-grade email systems that have a decent anti-spam filter will catch most phishing emails these days, and anti-virus programs are able to detect and prevent most malicious attachments and phishing websites. To get around these advanced prevention technologies, hackers have become more sophisticated in their approach and have developed a technique called spear-phishing. Spear-phishing is a very targeted attack on a small number of individuals, possibly even a single user. This differs from phishing where the hackers send out thousands upon thousands of emails knowing that only a tiny percentage will ever make it to a user’s inbox, with an even tinier percentage being opened and the bait taken. Spear-phishing is usually supported by social engineering, a practice where the hacker gathers enough information about the target to accurately represent themselves as someone the target interacts with on a regular basis. Common examples of spear-phishing emails are a note from the CEO/Owner to the CFO/Controller asking them to move money to a certain account or an email from “IT” asking a user for their password to resolve an issue. Spear-phishing emails are much more difficult to detect as they usually do not include any links or attachments initially, while the hacker probes his target to see if they will fall for the trick.
How can you protect yourself? The best way to stay protected is through education. Knowing what to look for in an email to determine if it is legitimate, being suspicious of any communication that seems out of the ordinary, and verifying the authenticity of an email through another means like phone or text are all ways to avoid getting caught on the hook. Take our phishing quiz to test your knowledge: http://bit.ly/2zw0wiC. There are also many technologies available to assist in protecting you. Email systems with anti-spam, security software with anti-phishing link tracking, and spear-phishing pattern detection and testing systems are all available to help keep you safe. This article from one of our partners has some great tips on what to look for in an email to determine if it is legitimate or not: http://bit.ly/2yr77Yx.