Let's start with a story...
Cast your mind back just a few weeks to that long, blisteringly hot summer. It’s a lovely evening and Trevor the trout is happily swimming along in the lake, minding his own business.
He’s heard tales of scary humans who sit by the water with big sticks, luring fish like him away from their families, but he’s never actually seen one himself. Besides, he’s careful. He wouldn’t get caught out like the other silly fish. “I’ll be fine,” he says to himself. “Nobody’s going to pick on me.”
Out of nowhere, something above the water catches his eye. It’s the biggest, juiciest insect he’s ever seen in his life. It smells deliciously revolting, and he can’t resist it. He leaps towards the surface, catches it in his mouth and closes his eyes, ready to savour this fine delicacy.
Uh-oh. Before he has any time to think, poor Trevor’s flying through the air towards what he quickly realises must be one of those legendary scary humans.
He’s caught on a hook, and no matter how hard he tries he can’t get free. Within a few short minutes it’s all over, and later that same evening he’s someone else’s dinner.
Not exactly War and Peace, and we’re sorry if Trevor’s sad tale has put you off your tea. But we’re here to tell you all about Phishing, and it’s got a lot more in common with the popular leisure activity than name alone.
What is Phishing?
Cybercrime is big business, and phishing attacks are one of the baddies' favourite routes into an organisation. You’ve probably heard of them, but you might not be 100% clear on exactly what they are and how they work.
Here’s a simple definition:
A phishing scam happens when a cybercriminal pretends to be someone else to gain information. Commonly they do this by sending fake emails designed to look like they’re from a trusted source, such as the CEO.
The aim is to make the victim feel a sense of fear, curiosity or urgency so they quickly open a dodgy attachment or send important details like bank/credit card details, usernames or passwords.
They rely on the fact that most staff are eager to please their superiors and won’t question them, so they freely give out sensitive information they would normally hang on to.
You may think you're too smart to be phished...
These people are very skilled at what they do and can create emails that look so much like the real thing that even the savviest staff member can easily be caught out at the end of a busy day.
For that very reason, phishing scams are often deployed towards 5pm or last thing on a Friday when people just want to get home and take their eyes off the ball.
Some statistics you need to know:
The average cost of a phishing attack for a mid-sized company is £1.22 million. That sort of money is difficult for any company to give up, but for many, it could signal the end altogether.
Phishing attempts rose by 65% between 2017 and 2018. They’re not specific to any particular industry and businesses of all sizes have been attacked.
30% of phishing messages are opened by targeted users, with 12% of those users going on to click the links or attachments.
Nearly 1.5 new phishing sites are created every
Back to the fishing analogy for a moment...
There are lots of different ways to catch a fish. Paddling in rockpools with a net; rod fishing; line fishing; trawling; spearfishing and more.
Phishing takes different forms too, and to have any chance of staying ahead of the cyber criminals you need to understand how they will try to reel you in.
A recent Gmail phishing scam targeted nearly a billion users across the globe. It was fiendishly simple but tricked a lot of people.
Here’s how it worked.
Victims received a text message asking if they’d requested a new password for their Gmail accounts. Of course, the vast majority had not. Confused targets were then prompted to text back “STOP” to confirm the request had nothing to do with them. They were then sent another text urging them to send their 6-digit numerical access code to prevent their accounts being compromised.
Of course, the opposite was really happening. Instead of protecting their Gmail accounts, they were giving the hackers the ability to reset their passwords. And so, access to all their emails.
This type of phishing scam is known as a “wide net attack”. Trawlers cast wide nets to catch a huge amount of fish and seafood that won’t all be good enough to sell, and this method uses the same principle. You can’t expect 100% success, but plenty will fall for it. And in this case, even a relatively small catch can reap impressive rewards.
And we haven't even got onto the dangers of Spearphishing yet!
But you'll have to download our Guide to know more about that!
If you want to understand more about Phishing, and how tactics like Spearphishing can seriously harm your business and your employees, download our FREE guide to Phishing by filling out the form below!
OR if you're really serious about your security, and KNOW you want to avoid any Phishing risks, then put your IT security in the hands of trusted professionals.
You’re already working hard, so you could probably do without the hassle of having to keep your entire computer system shipshape and safe from cyber attackers. Working in partnership with reputable IT experts who can prove they’re worth their salt will help you sleep better at night and send the hackers further upstream in search of a better catch.
We’d love to do a security audit on your business and uncover the technology and people areas where you are at risk.
Book yourself in below and we'll be in touch!
Wait... you didn't book?
"I can handle phishing, I don't need any fancy IT security..."
We're not too sure about that! Take a quick watch of the video below and see if you still say the same...
Changed your mind now? Yeah, that's what we thought...
So, I'll give you 1 last chance to book your audit in below and find out more about how Phishing can seriously damage your business!
Or, you can request a call back by simply clicking here.
For any further questions regarding Phishing or for information about whether you and your business could be at risk, please contact Lee Chappell on firstname.lastname@example.org or call 01373 864627.