09 Dec Phishing Attacks: What Exactly Are They?
Phishing attacks… you have probably heard of them, but do you really know what they are and how they can affect your business?
What are phishing attacks?
Phishing attacks are one of the most widespread methods cyber criminals use to attack Australian businesses. Scammers will use email, text messages, social media, phone calls or instant messenger apps to deceive you into giving away your personal details.
They may trick you into giving away your passwords, personal security numbers, user data, login details and credit card numbers. Once they have this information, typically obtained when a user clicks on a malicious link, the scammers can gain access to your bank accounts, email accounts and any other accounts that could be financially beneficial to them.
Attackers can use this information to commit identity fraud, make unauthorised payments or steal money from your bank account. Phishing attacks can be extremely devastating to small businesses as well as individuals, and as we have seen, cyber crime is on the rise in 2020.
How do Phishing Attacks Work?
Emails and messages from these cyber criminals can look extremely convincing and will replicate messages you generally receive from banks, online shopping sites, credit card companies, and other companies you trust.
These messages will usually have the same look and feel as the real thing, often replicating the same font, presentation, logos and wording used by a legitimate company. They will frequently involve some sort of ‘urgent’ call to action, leading unsuspecting users to unknowingly give away personal information or money.
Typical wording for phishing attacks includes:
- There is a problem with your payment information or account details
- Suspicious activity has been noticed on your account, click to update your details
- Fake payment requests or invoices
- Your personal information needs to be updated
- You have won in a free prize draw
- There is a problem with your subscription billing information
What is Spear Phishing?
Spear phishing is a more advanced technique than general phishing attacks. General attacks target the masses and are sent out to random unsuspecting users, whereas spear phishing targets a specific person or organisation, using targeted knowledge and research about the company’s structure and way of working.
Scammers will identify and target high-value individuals within an enterprise, using methods such as researching annual reports, press releases, shareholder information, social media sites and other publicly available information.
The attacker will send a fake email to employees, posing as the director, for example, to trick the recipient into sending over a payment or logging in to a secure, password-protected document. The style of writing, font and company’s logo will all look extremely convincing, leading to data being compromised and scammers having access to sensitive information.
Across the media, cyber attacks on small and medium enterprises (SMEs) are reported to be on the rise, particularly during the COVID-19 pandemic, where scammers are taking increasing advantage. Since the start of the outbreak, the Government’s Scamwatch has received 3060 reported scams in relation to coronavirus, with losses of over $1,371,000.
Cyber security tips for individuals
Cyber security is just as important whether you are at work, at home or on the go. Tips for individuals to help protect yourself from the most common cyber attacks include:
- Reduce the amount of personal information there is about yourself or your friends and family as much as possible. Only give out personal details if you really have to and to companies you can be sure to trust.
- Password protect all your devices and do not allow others (you do not know well enough) to access your computer or laptop.
- Turning on two-factor authentication (2FA) is a great way to reduce the risk of cyber crime. This will ask you for two ways to authenticate your account whilst logging in. For example, a password and a code that is sent to your phone.
- Be aware of possible fraudulent emails and do not click on links in an email to update your information, always go directly to the main website.
- Check the full email address of who is sending you the email. These addresses can look obviously spammy or can look quite realistic, so double check if you have suspicions.
- If shopping online, research seller websites that appear to be selling products at surprisingly cheap rates, or that belong to companies you have not heard of or used before.
- Change passwords regularly and update old passwords.
- Be careful when using public Wi-Fi, as the connections are not secure, and people may be able to see what you are doing.
- Keep your devices and software up to date.
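The checks described above (the sender's full address, links inside the message, and the typical wording listed earlier) can be automated. The following Python code is an added example, not part of the original article or any Cube Cyber product; the trusted domain `mybank.example`, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"mybank.example"}  # assumption: senders you really deal with
URGENT_WORDING = [  # modelled on the article's "typical wording" list
    r"problem with your (payment|subscription billing) information",
    r"suspicious activity", r"update your details",
    r"personal information needs to be updated", r"you have won",
]

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_indicators(raw_message):
    """Return the reasons a plain-text message deserves a closer look."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}".lower()
    reasons = []
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            brand = trusted.split(".")[0]
            if edit_distance(domain, trusted) <= 2:
                reasons.append(f"lookalike sender domain {domain}")
            elif brand in display.lower().replace(" ", ""):
                reasons.append(f"display name claims {brand} but address is {addr}")
    for host in re.findall(r"https?://([^/\s]+)", text):
        if host not in TRUSTED_DOMAINS:  # exact match only; subdomains are flagged
            reasons.append(f"link leads to {host}")
    if any(re.search(p, text) for p in URGENT_WORDING):
        reasons.append("urgent call-to-action wording")
    return reasons

# Constructed sample messages (not real mail).
PHISH = ("From: MyBank Security <alerts@mybamk.example>\n"
         "Subject: Suspicious activity has been noticed on your account\n\n"
         "Click to update your details: http://mybamk.example/login\n")
GENUINE = ("From: MyBank <statements@mybank.example>\n"
           "Subject: Your monthly statement is ready\n\n"
           "Open the app or type our address into your browser.\n")

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("GENUINE", GENUINE)):
        print(name, phishing_indicators(raw))
```

An empty list means none of these three checks fired; it does not prove the message is genuine.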
Preventing phishing attacks on small and medium businesses
SMEs often underestimate the need for cyber security until it is too late. Here are some steps to help small and medium businesses protect their organisation from phishing attacks.
- Two-factor authentication (2FA) is one of the best ways for stopping phishing attacks in their tracks. It provides an added layer of protection when logging in to documents and systems that hold sensitive information.
- Educating staff members on cyber security and preventive measures can limit the opportunity for employees to be tricked into giving away secure information.
- Ensure all employee passwords are strong, changed regularly and people are not using the same password for multiple functions.
- Invest in a complete security software system.
- Keep regular backups of company data and information.
Phishing attack protection from Cube Cyber
Here at Cube Cyber, we offer cost-effective advanced security solutions for small to large sized businesses.
We use Cisco Email Security with Advanced Malware Protection (AMP), which blocks spam, phishing emails and malicious email attachments and websites.
Our Next Generation Firewall service offers malware and intrusion protection, website filtering, network activating and log retention, 24/7 incident response, and more.
If you are looking to install advanced protection for your business, update an older system or would simply like a quote, please get in touch with us today. You can also try our free 21-day trial for your business.