In any cybersecurity strategy, accounting for human error is essential. By some estimates, phishing attacks—in which a bad actor attempts to elicit personal information from a target using deception—account for roughly 90% of business security breaches. With the volume and sophistication of...
What is… phishing?
Phishing is the word used when a cybercriminal sends you some sort of electronic message to trick you into doing something insecure. The “fishing” metaphor refers to the idea of getting you on the hook and then reeling you in. The crooks behind this sort of crime, who are known colloquially as phishers, usually use email, because it is surprisingly easy to mock up messages to look realistic. But phishing attacks may also arrive via social media, SMS or other instant messaging platforms. Here are some examples of the sort of treachery used by phishers:
- You receive an invoice detailing a modest purchase from a well-known online site, complete with ripped-off logos and text copied from a genuine invoice. At the bottom is a legitimate-looking link or button to [Contest this charge] or [Query this purchase]. You know you didn’t make the purchase, so your inclination is to click through and log in. But if you do, you end up on an imposter login page, and your password ends up in the hands of the crooks.
- You receive an email from someone apparently applying for a job that’s currently advertised on your company website. Attached to the email is a file that looks like a document containing a CV (résumé). Your inclination is to open it, but if you do, you inadvertently run a booby-trapped file that allows the crooks to implant malware on your computer.
- You receive a marketing email inviting you to take a realistic-looking survey in return for a chance to win a shopping voucher, or an iPhone, or a holiday. Your inclination is to fill it in, but along the way you are asked to provide personal data that you would normally keep to yourself, such as your birthday, your home address or your credit card details.
What to do?
Phishing can be hard to spot, because phishers don’t always make telltale speeling errorrs or gammatrical misteaks. The phishers may know your real name and address, so they don’t always start with giveaways like Dear Sir/Madam, or use a vague address such as Arizona. Here are some tips to avoid getting sucked in:
- Don’t enter passwords into login pages that show up after you click on a link in an email. Bookmark the official login pages of your favourite sites, or type the URLs into your browser from memory.
- Avoid opening attachments in emails from senders you don’t know, even if you work in HR or accounts and you use attachments a lot in your job. Set up an “ask the experts” email address inside your organisation, e.g. firstname.lastname@example.org. That gives your users a quick way to ask for advice about unexpected emails and unsolicited attachments.
- If in doubt, don’t give it out! Your personal data simply isn’t worth the vanishingly small chance of winning an iPad from a marketing company you’ve never heard of.
Phishing gets its curious spelling from a 1970s crime known colloquially as phreaking. Hackers figured out how to make free calls using a variety of illegal tricks to “freak out” the telephone system, for example by playing special musical tones down the line. Freaking the phone system morphed into phreaking, and by analogy, fishing for users’ passwords and other personal data became known as phishing.