Plenty of Phish in the Sea
Updated: Nov 1, 2020
It was in March 1992 that the expression "surfing the web" was first coined by librarian Jean Armour Polly. Now nearly 30 years later, the sea of daily internet browing is the home of an ever-growing phishing problem.
Phishing is the practice of using a reputable company's name, email signature, or 'login page' to get access to someones personal information. The goal? Tricking the email recipient into believing the message is honest and convince a victim to click a link, download attachments or enter login details.
Although one of the oldest forms of cyber attacks - with roots deep in the 1990s - it is still one of the most widespread and harmful attacks that circulate our widely connected lives today. It is a sophisticated and ever-changing form of cyber attack which can be difficult to combat.
There has been emergence of well-produced and ‘off-the-shelf’ tools and templates that perpetrators can use, making phising attempts difficult to detect, espeically if someone is unfamiliar with what they look like.
There are several forms of phishing attacks. One of which is that of a password reset.
It is not uncommon for someone to forget a password. Especially if that person follows the advice of any login system and has a variety of different passwords for each site. Phishers take advantage of this and try to access important personal data. An example of this could be “Your email address has been accessed from this location, click here to reset password and confirm your identity”.
There are a lot of potential targets for phishing attacks, as they can be aimed at any business or person. However, there are three common targets for most phishing attacks due to the information they hold. These are Pharmaceutical companies, government agencies, and retail or eCommerce stores. A famous example of a successful phishing attack can be seen in 2016 when hackers got access to John Podesta’s personal G-mail account, who was a campaign chair for Hillary Clinton's presidential campaign.
Most phishers use a ‘phishing kit’ which is easily available and usable even for those without superb technical skills. It is not uncommon for an attacker to use trusted brand signatures and imagery, increasing the plausibility of the attack. Through research, it has been revealed that variants of Microsoft, PayPal, and Dropbox have been used in previous attacks.
It is important during current times to be aware of phishing attacks. With most industries having the option to work from home at the current time, especially for small businesses. This is because their cybersecurity may not be as beefed up as larger companies, therefore more susceptable to such attacks.
A lot of businesses are using a chat room or communication provided to keep employees in contact with each other, and this can be a target for phishers. An important technique to avoid falling for a phishing attack is to know your company's processes and being able to spot anomalies. Also, having a solid cybersecurity plan or provider in place can minimise the chance of someone you don't want to get access to your personal info.