Phishing attacks have been a problem for many years, but they have recently become increasingly difficult to detect because of the rise of sophisticated phishing kits. These kits provide everything a cybercriminal needs to set up a phishing site and send out mass emails to launch a spearphishing attack. A new study found that, by using one of these pre-built kits, it's possible to have a complete phishing kit ready in as little as 20 minutes.
Here's what you need to know about phishing attacks, how they work and how you can protect your company from them.
What is a Phishing Attack?
A phishing attack occurs when a cybercriminal sends an email or other message that appears to come from a legitimate company or person in order to obtain personal information. It's called phishing because attackers attempt to "fish" for sensitive data by sending emails that pretend to come from trustworthy sources. The goal is to trick people into giving up their usernames, passwords and personal information through deceptive emails. These emails might look as if they come from your bank or your employer, but in reality they come from a hacker or other online threat interested in gaining access to your accounts and funds.
How Do Phishing Attacks Work?
Phishing attacks typically come in two forms: spearphishing and whaling. Spearphishing is when cybercriminals gather information about an individual company or person to get personal details that can be used to access private accounts. Whaling is the practice of attacking high-profile targets, such as senior executives who have large amounts of funds available via their accounts.
How to Identify a Phishing Attack
Phishing attacks are typically easy to spot with some basic knowledge of how they work. A successful phishing attack will often include the following elements:
The message will claim to be from an official company or person, but in reality it comes from a fake account set up by cybercriminals. Pay close attention to the actual email address; it will not be the same as that of the person or company you know.
The email will ask for personal information or request access to accounts. If you are asked for your username and password or account number, it is probably a phishing attack. Legitimate companies will not ask for this type of information via email; they will usually have you log into your account on their website, which can be accessed via a link included in the email.
The message might be sent in mass quantities to many people in an attempt to get a higher number of victims, or it may be targeted toward a specific person in the company like the CEO. The goal is always to obtain access to personal information and accounts for malicious purposes.
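The first two elements above can be checked automatically. The following is an added example, not part of the original article: it compares the name a message claims with the domain it was really sent from and looks for requests for credentials. The KNOWN_SENDERS table, the domains and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: brands your users deal with, mapped to domains they really send from.
KNOWN_SENDERS = {"example bank": {"examplebank.test"}}
# The data the article says legitimate companies do not ask for by email.
CREDENTIAL_RE = re.compile(r"\b(user\s?name|password|account number)\b", re.I)

def phishing_indicators(raw_message):
    """Return the indicators described above that this message shows."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    found = []
    # Indicator 1: the name claims a known sender, the real address does not match.
    for brand, domains in KNOWN_SENDERS.items():
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not genuine:
            found.append(f"claims to be '{brand}' but sent from {domain or 'no address'}")
    # Indicator 2: the body asks for a username, password or account number.
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    asked = sorted({m.lower() for m in CREDENTIAL_RE.findall(text)})
    if asked:
        found.append("asks for: " + ", ".join(asked))
    return found

# Constructed sample messages (not real mail).
PHISH = """\
From: "Example Bank Support" <support@examplebank.account-verify.test>
To: user@corp.test
Subject: Action required

Reply with your username and password to keep your account open.
"""
LEGIT = """\
From: "Example Bank" <notices@mail.examplebank.test>
To: user@corp.test
Subject: Your statement is ready

Log in on our website to view your statement.
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, phishing_indicators(raw))
```

The phishing sample is flagged even though its address contains "examplebank", because the check matches the end of the domain rather than any substring of it.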
What You Can Do To Protect Yourself From Phishing Attacks
Spearphishing typically targets individuals, so cybercriminals are looking for specific types of information about you. They might try to get your name, email address, phone number or any other info that will help them create a fake identity to use when setting up their phishing attack.
Look closely at any documents and other attachments you open from your email. If you find that you accidentally clicked a link or downloaded a corrupted document, it is best to change the passwords on your accounts and delete the email or document immediately. Other measures may need to be taken if the attackers did indeed gain access to your information. The internet can be a scary place, and we never know when we will be the target of a phishing attack.