Plenty of Phish in the Sea
Updated: Sep 24
Phishing is the practice of using a reputable company's name, email signatures, and so on to get access to a person’s personal information. The goal? Tricking the email recipient into believing the message is honest and has something the recipient wants or needs and then getting them to click a link or download attachments.
Although one of the oldest forms of cyberattacks, with roots deep in the 1990s, is still one of the most widespread and harmful. It is a sophisticated and constantly evolving form of cyber attack and can be difficult to combat.
Because of the emergence and availability of well-produced and ‘off-the-shelf’ tools and templates, perpetrators are getting better at this, making it increasingly difficult to detect.
There are several common forms of phishing attacks. One of which is that of a password reset. It is not uncommon for someone to forget a password. Especially if that person follows the advice of any login system and has an array of individual passwords for each site. Certain phishing attacks take this opportunity to access important personal data, this can also be in the form of the typical “Your email address has been accessed from this location, click here to reset password and confirm your identity”.
There are a lot of potential targets for phishing attacks, as they can be aimed at any business or person. However, there are three common targets for most phishing attacks due to the information they hold, or the amounts of money they have. These are Pharmaceutical companies, government agencies, and retail or eCommerce stores. A famous example of a successful phishing attack can be seen in 2016 when hackers got access to John Podesta’s personal Gmail account, who was a campaign chair for Hillary Clinton's presidential campaign.
Most phishers use a ‘phishing kit’ which is easily available and usable even for those without superb technical skills. It is not uncommon for an attacker to use trusted brand signatures and imagery, increasing the plausibility of the attack. Research has revealed that variants of Microsoft, PayPal, and Dropbox have been used in previous attacks.
It is important during current times to be aware of phishing attacks. With most industries working from home at the current time, especially for small businesses. This is because cybersecurity may not be as beefed up as larger companies.
A lot of businesses are using a chat room or communication provided to keep employees in contact with each other, and this can be a target for phishers. An important technique to avoid falling for a phishing attack is to know your company's processes and being able to spot anomalies. Also, having a solid cybersecurity plan or provider in place can minimise the chance of someone you don't want to get access to your personal info.