The idea of ‘Phishing’ in the IT world is much the same as it is in the ‘Fishing’ world. Unfortunately for a business or an end user, the fisherman is not looking for fish; they are looking for your data. This could be your customer data, payment information, user login details, emails and many other important things that a business or individual would want to keep private.
Phishing works the same way as fishing: the attacker relies on your trust to take the bait. In your case it could be a link you click in an email, which takes you to a login page where you enter your login credentials to get into a website. When you are going about your day on autopilot, this process could seem quite normal, especially if you are a member of staff in accounts paying invoices and logging into different pages all day. Little do you know that you may have just given your login details to the attacker, on a page that the attacker owns.
No matter how large or small the organisation, a phishing attack can reach it; organisations of any size and type are targets. It could be a general attack, where you are caught up in a mass mailing of a phishing email. Or it could be a well-researched, targeted attack on your company to try to obtain specific information. This type is often called spear phishing.
A common technique used by attackers in phishing is called spoofing. This is where an attacker spoofs an email address within your organisation, making their email look like it came from inside it. An internal email address is much less likely to be caught by a mail filtering system. They could even use their own email address and change their contact name to match someone within your organisation. Users often do not check the address an email was sent from if the contact name is someone they know.
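The two spoofing cases described above can be checked mechanically at the mail gateway. The following is an added example, not part of the original article; the domain, staff names, sample messages and verdict labels are constructed for illustration, and it assumes the gateway records its own `Authentication-Results` header.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed values for illustration: the organisation's domain and a tiny staff list.
INTERNAL_DOMAIN = "example.org"
STAFF_NAMES = {"jane smith", "raj patel"}

def normalise(name):
    """Lower-case and collapse whitespace so 'Jane  SMITH' matches 'jane smith'."""
    return " ".join(name.lower().split())

def classify_sender(raw_message):
    """Return a verdict for the From header of one raw message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.lower().rpartition("@")[2]

    # Case 1: a colleague's name shown on an outside address.
    if normalise(display) in STAFF_NAMES and domain != INTERNAL_DOMAIN:
        return "display-name-impersonation"

    # Case 2: the address claims to be internal. Anyone can type that into From,
    # so accept it only if our own gateway recorded a DMARC pass.
    # Assumption: the gateway strips Authentication-Results headers set by senders.
    if domain == INTERNAL_DOMAIN:
        results = " ".join(msg.get_all("Authentication-Results", [])).lower()
        if "dmarc=pass" in results:
            return "internal"
        return "unauthenticated-internal-address"

    return "external"

# Constructed sample messages (not real mail).
SAMPLES = {
    "renamed_contact": 'From: "Jane  SMITH" <accounts@mailbox.example.net>\n'
                       "Subject: Invoice\n\nPlease pay today.",
    "forged_internal": "From: Raj Patel <raj.patel@example.org>\n"
                       "Authentication-Results: mx.example.org; dmarc=fail\n\nHi",
    "real_internal": "From: Raj Patel <raj.patel@example.org>\n"
                     "Authentication-Results: mx.example.org; dmarc=pass\n\nHi",
    "supplier": "From: Supplier Ltd <sales@supplier.example.net>\n\nQuote attached.",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify_sender(raw))
```

A flagged message is a candidate for a warning banner or quarantine rather than proof of an attack, since staff do sometimes write from personal accounts.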
Phishing is by far one of the hardest cyber-attacks for an organisation to prevent, as prevention relies on the constant awareness of the user, on technologies such as mail filtering and antivirus, and lastly on education for every user within the organisation.
Fortunately, there are products and solutions available to help prevent a phishing attack. If you feel that you would benefit from a consultation about the cyber security services Grapevine can offer your business, please speak to your account manager or email firstname.lastname@example.org
It could save you a lot of time, money and data.