Do you know your phishing from your vishing or smishing?
Businesses are being warned about the ongoing dangers of phishing in their email – and about other variants that target them through other platforms.
Last year 83% of organisations reported experiencing phishing attacks – that’s up 28% from 2020. And it’s expected there will be an additional 6 billion attacks this year.
These stats have been examined by local technology expert John Miller, of Smarter Technologies Ltd.
“In my experience, local business leaders have heard of phishing but don’t know the specifics,” he said.
“It’s called ‘phishing’ because cyber criminals bait unsuspecting victims into ‘biting’, much in the same way you’d lure a fish to a hook with a big juicy maggot.
“This virtual bait is usually in the form of an email. And when the victim gets hooked, their device and potentially their whole network can become infected with malware.
“Or the victim is enticed into giving away login credentials which can lead to data and even financial theft.”
There are many other forms of phishing, including:
- Vishing: Like a phishing attack but done over the phone. Someone will call and pretend to be a person or company you know, or a representative of them. They’ll ask you to take an action, such as giving them remote access to your device, or visiting a website.
- Pop-up phishing: Clue’s in the name. This is phishing via a pop-up. It may say there’s a problem with your device’s security and ask you to click a button to download a file, or call a number to get it fixed.
- Evil twin phishing: A fake Wi-Fi network is set up to look like the real deal. When you log in, the cyber criminal steals your data.
- Angler phishing: Social media posts which are created to encourage people to access an online account or click a link which downloads malware.
- Smishing: Like a phishing email, but over SMS straight to your phone.
- Spoofing: A website that’s created to look like the real thing, but isn’t. Once you log in, you’ve given away your credentials (spoofing can be used in conjunction with other forms of phishing attacks too).
John added: “There are so many different ways cyber criminals target local businesses.
“The only protection that works is a blend of software to protect you, and training for your staff. When staff know about the red flags, they are much more likely to spot a scam before clicking a bad link.
“Your staff are the first line of your defence.”