What is Phishing? And How Can You Prevent Phishing At Your Organization?


Cyber criminals have grown bolder and more creative over the last several years, but one time-tested technique hasn’t yet “gone out of style.” Many cyber criminals still practice phishing, blanketing large numbers of e-mail addresses and phone numbers with messages in order to lure in victims and steal their information. While some incorrectly view phishing as outdated and ineffective, the method works well against people who don’t know much about their own cybersecurity.

What is Phishing?

Phishing is a form of cyber attack that’s carried out through phone numbers, e-mail accounts, and even social media accounts. The attacker gathers a list of these and then sends out a message through those channels, to which the victim is meant to respond. The message is usually written to extract information from the victim, such as bank numbers, credit card numbers, or even social security numbers.
The bulk of the attack is carried out through links, which lead victims to an official-looking site that is actually part of the cyber attacker’s network. Once the information is entered, the attacker has it for good and can store it for later use, or even sell it to others. Phishers can also spread malware and viruses through the messages they send.

Preventing Phishing Attacks

Phishing can happen to anybody, but there are ways to prevent it from happening to you. The number one tool you have at your disposal is vigilance and the knowledge that phishing exists in the first place. Scammers typically choose flashy content for their messages, telling victims that “urgent action is required” or that “information has been stolen from you.” These messages, which cause panic and a substantial amount of fear, are simply meant to persuade the victim to click the attacker’s links.
Never click a link which looks suspicious or disingenuous. Always check who sent you the e-mail and make sure the sender is familiar to you – check carefully too, as phishers will often change some subtle details of a well-known source to gain trust. Some phishing messages are actually written with purposefully terrible grammar, to ensure that a victim who clicks the link simply isn’t reading the content of the message carefully.
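The sender check described above can be partly automated. The following is an added example, not code from the original article: it classifies the From domain of a message as trusted, lookalike or unknown. The trusted domains, the character-swap table, the distance threshold of 2 and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the organization really receives mail from (placeholders).
TRUSTED_DOMAINS = {"example-bank.com", "example.org"}
# Character swaps commonly used to imitate a name (constructed, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalize(domain: str) -> str:
    """Undo simple look-alike substitutions such as 1 -> l and rn -> m."""
    return domain.translate(SWAPS).replace("rn", "m")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(raw_message: str) -> tuple[str, str]:
    """Return (verdict, domain); verdict is 'trusted', 'lookalike' or 'unknown'."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    for good in TRUSTED_DOMAINS:
        if domain == good or domain.endswith("." + good):
            return "trusted", domain
    for good in TRUSTED_DOMAINS:
        if (normalize(domain) == normalize(good)       # swapped characters
                or good in domain                      # trusted name buried in a longer domain
                or edit_distance(domain, good) <= 2):  # small typo
            return "lookalike", domain
    return "unknown", domain

# Constructed sample messages (headers only), not taken from real mail.
SAMPLES = [
    "From: Example Bank <alerts@example-bank.com>\nSubject: Statement\n\n",
    "From: Example Bank <alerts@examp1e-bank.com>\nSubject: Urgent action is required\n\n",
    "From: Example Bank <alerts@exarnple-bank.com>\nSubject: Urgent action is required\n\n",
    "From: Example Bank <alerts@example-bank.com.account-verify.test>\nSubject: Verify\n\n",
    "From: News <newsletter@unrelated.test>\nSubject: Weekly digest\n\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify_sender(raw))
```

A From header can be forged outright, so a "trusted" verdict only means the domain name matches the list, not that the message is authentic; this check complements SPF, DKIM and DMARC validation and does not replace it.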

Spear Phishing

Generally, phishing attacks are large scale and target the general population, without regard to who the victims are. There are some types of phishing attacks, however, which target specific individuals. These are carefully crafted messages meant to earn the victim’s complete trust before the phishing occurs.
These types of targeted attacks are difficult to distinguish from legitimate messages, but they’ll always be aiming to collect deeply personal information that you would and should never give out, such as financial information.
There’s also whale phishing, a type of spear phishing where the victim is a high-ranking or highly important member of an organization, such as a large corporation or even the government.