Phishing Can Be Prevented
Phishing attacks are a highly effective way to target not only a person, but an organization.
Phishing is a targeted attempt by an individual or group (team) to solicit information from unsuspecting users by employing social engineering techniques. Social engineering is the art of deceptive behavior used to trick a user into divulging sought-after information, which is then used against that person or the organization that employs them. Every day, thousands of crafted emails are sent to their respective targets. Every day, more and more users fall victim to these scams. Phishing is conducted not only by email, but by text message as well.
Phishing attempts generally have the same goal in mind. They are designed to capture information such as account numbers, social security numbers, login credentials or some other form of information that can be used to cause collateral damage.
Phishing campaigns lure their victims into a false sense of security by spoofing familiar content, or trusted logos of an establishment, such as a legitimate company. Sometimes, criminals pretend to be a family member, or another employee you may recognize within the company.
A new report from PhishLabs establishes that phishing campaigns remain the easiest and most productive attack vector used by criminals. PhishLabs has also reported that in 2018 the enterprise is now the most sought-after target, replacing the previously most valuable target, the consumer.
There is a phishing season. In October, phishing attacks increase by an average of 50%. In 2018, 71% of phishing emails that focused on impersonating top 10 organizations fell between September 1st and October 31st.
3 Good Ways Phishing Can Be Prevented
There are numerous ways organizations can take a stance against phishing attacks.
- Employee Training. Employees are an organization’s greatest asset. One bad link click can corrupt an entire network of systems. It is important that employees are aware of these types of attacks and are trained to recognize them. No security is perfect, nor is the human. The human is the greatest weakness in cybersecurity. The best way to train an employee is to conduct real-life scenario phishing training. CyanLine has the capability to customize a phishing attempt sent to an authorized list of emails within your company to help them recognize some of the tactics employed by real cyber criminals. Employees should be trained not to click on attachment links from unknown or unverified senders. Properly training employees can reduce the click-through rate of opening malicious attachments or following a link from 33% to 13%.
- External Message Warning. Deploying a set of rules against unknown senders will help filter targeted emails. Displaying an unknown sender or external message warning alerts the end user to a potentially suspicious email.
- Dedicated Personnel. If budget and effort allow, having someone in the organization dedicated to reporting phishing emails is effective. Have that person send the phishing emails to firstname.lastname@example.org. The Anti-Phishing Working Group (APWG) includes ISPs, security vendors, financial institutions and law enforcement agencies. The APWG uses forwarded phishing emails to fight phishing. You should also report the phishing email to the organization impersonated in the email. Your forwarded phishing email is most effective when you include the full email header, but most email programs hide this information. To ensure the header is included, search for the name of your email service together with “full email header” in your favorite search engine.
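One way to implement the external message warning described in the list above, as an added example that is not from the original article or from CyanLine. The internal domain set, the banner text and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy

INTERNAL_DOMAINS = {"example.com"}   # assumption: the organization's own mail domains
BANNER = "[EXTERNAL] "               # assumption: warning text shown to the end user

# Constructed sample messages (not real mail).
INTERNAL_SAMPLE = (
    "From: Alice <alice@example.com>\n"
    "Subject: Lunch menu\n\nSee attached.\n"
)
# The display name imitates an internal address; only the real address counts.
SPOOFED_SAMPLE = (
    'From: "ceo@example.com" <billing@example-payments.test>\n'
    "Subject: Invoice overdue\n\nPlease pay today.\n"
)

def sender_domain(msg):
    """Domain of the first From address, or '' when From is missing or unparseable."""
    header = msg["From"]
    if header is None or not header.addresses:
        return ""
    return header.addresses[0].domain.lower()

def tag_external(raw):
    """Parse a raw message and prepend BANNER to Subject for non-internal senders."""
    msg = message_from_string(raw, policy=policy.default)
    if sender_domain(msg) not in INTERNAL_DOMAINS:   # missing From is treated as external
        subject = str(msg.get("Subject", ""))
        if not subject.startswith(BANNER):           # do not stack banners on re-processing
            del msg["Subject"]
            msg["Subject"] = BANNER + subject
    return msg

if __name__ == "__main__":
    for sample in (INTERNAL_SAMPLE, SPOOFED_SAMPLE):
        print(tag_external(sample)["Subject"])
```

The check keys on the parsed address rather than the display name, so a sender who puts an internal-looking address in the name field still receives the warning.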
Here is an example of what a phishing email may look like.