Phishing email scams are more effective than you may think. Read our infographic Don’t Let Phishing Emails Hook Your Employees.
By: Brand Barney
What is a phishing scam?
Phishing is a type of Internet-based social engineering. Cybercriminals pose as legitimate businesses and invent plausible situations in their emails to convince victims to hand over personal information such as Social Security numbers.
Some phishing emails have the victim click on a link, which introduces malware to the user’s device. The malware can then grant access to the attacker, leaving them free to steal sensitive data. Other emails state that an item you purchased online can’t be shipped because the credit card number was incorrect, the billing address was wrong, or similar. They then have you click on a link to a spoofed website that asks for updated payment and shipping information.
SEE ALSO: Top 10 Types of Phishing Emails
Why do phishing email scams work?
With all the online scams that are happening, you’d think we’d be more wary of phishing email scams. Yet these types of scams are responsible for a lot of lost data in companies.
Here are some reasons why phishing scams still work:
We’re trusting
We’d like to believe the people emailing us are genuine. It’s human nature to want to trust others, especially those that reach out to us. Unfortunately, social engineers take advantage of that and use it to steal from companies.
Good phishing emails look official
Some emails reproduce a company’s logo and branding well enough to look convincing. Just as an in-person social engineer looks like they belong in your company, phishing emails look like they come from a company you already deal with.
When we’re scared, we tend to not act logically. Some phishing emails take advantage of that, using scare tactics to cause us to make an impulsive decision. For example, you may receive an email stating that you have had a breach of your personal banking information, and you need to click on a link to log in and change your online banking password. The attacker is banking (pun intended) that you will want to quickly protect yourself or check your online balance to ensure you still have money after the “breach.”
SEE ALSO: 7 Ways to Recognize a Phishing Email
How do you combat phishing email scams?
- Be skeptical: Always verify everything with the company you are working with, especially if it involves sensitive information. If a banking institution emails you, asking for credit card information, call them from their business phone to verify. Avoid giving important data over email when possible.
- Train employees: Make sure your employees are aware of phishing emails and what to do if they suspect they’re receiving one. Hold quarterly training meetings, if not monthly.
- Have policies: Establish procedures employees should follow should they receive a phishing email or anything that seems suspicious. This could include how to verify if an email is legitimate, who to notify, and how to deal with such an email.
Phishing is easier than you think
Phishing email scams are more of a danger than many companies realize, and it doesn’t take a particularly skilled attacker to create a successful phishing campaign.
Similar to social engineering, phishing targets the company’s weakest link in security: the employees. An untrained employee can inadvertently cause a lot of damage to their company if they fall victim to a phishing campaign.
Remember, when it comes to emails, be smart and be careful with sharing your data.
Brand Barney (CISSP, HCISPP, QSA) is a Security Analyst at SecurityMetrics, has over 10 years of data security experience, and will totally geek out if you mention Doctor Who. Brand loves to play jazz piano and daydreams about being as great as Dave Brubeck or Thelonious Monk. Connect with him on Twitter or check out his other blog posts.