Phight the phish

Phight the Phish – Cybersecurity Awareness Month

October is Cybersecurity Awareness Month, and we would be remiss if we didn’t talk about one of the greatest threats to our personal and business security: phishing. This week is Phight the Phish week, which means it’s important to understand just how dangerous phishing can be to our cybersecurity posture.

Phishing Explained

Phishing is the criminal act of using social engineering tactics combined with technical exploitation to extract your private data. Phishing can be done through a number of different avenues, with the most prevalent being email campaigns. Oftentimes cyber criminals will send what looks like a legitimate email to an individual, hoping that they will be tricked into either handing over login credentials or clicking on a malware link. Some telltale signs of phishing emails include:

  • A sense of urgency – Criminals will often use language that calls for an urgent response in order to trick someone into responding without thinking.
  • Unusual requests – If you receive an email from your boss requesting information you’re not used to giving out, like payroll documents or login credentials, it’s probably best to double check that it was actually them. Business email compromise schemes can be difficult to spot at first glance.
  • Spelling errors – One dead giveaway of a phishing email is if it contains obvious spelling errors. While today’s phishing emails can be pretty sophisticated, simple spelling or grammatical errors could be an obvious sign that the email wasn’t sent from someone you can trust.

While email isn’t the only way a cyber criminal can carry out phishing, it is the most likely way you’ll come across it. According to Tessian, roughly 96% of phishing attacks arrive via email. Other forms of phishing include smishing, a form of phishing that uses SMS messaging, and vishing, which is a form of phishing that happens over the phone.

Statistics You Should Know

An important part of Phight the Phish week is making sure you’re educated about the risks phishing poses to your organization. Here are some statistics that help put this issue into perspective.

There are 3.4 billion phishing emails sent out worldwide every day – Digital in the round

With such a volume of phishing emails being sent out, it’s not a matter of if you’ll be targeted, but rather when.

The average cost of BEC attacks rose from $75,000 to $106,000 in Q2 of 2021 – APWG

Business email compromise attacks are a lucrative crime. That’s why it’s important to make sure all of your employees have gone through security awareness training to know the potential risks.

Phishing attacks account for over 80% of all security incidents – Retarus

Phishing attacks are the most common way that criminals can get a foothold in your organization. All it takes is one bad link to compromise your business.

How Can You Phight the Phish?

While phishing may seem like an overwhelming threat, there are some practical ways that you can phight the phish! The first and most obvious way is to make sure you’re double checking who your emails are coming from and what they are asking of you. If the email is requesting you to take action now on something out of the ordinary, double check to make sure the person who sent that email is who they say they are. It also goes without saying that you should make sure you don’t click on any suspicious links. It only takes one wrong click to let unwanted guests into your system. It is also a great idea to set up MFA to add an extra layer of security to your passwords. This means that even if your login credentials are stolen, you may still be able to rely on that second form of authentication. Lastly, make sure that your employees are up to date on security awareness training so they can be ahead of potential threats.

Happy Cybersecurity Month. Do Your Part – Be Cyber Smart! Phight the Phish!


CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.
