From ransomware to SolarWinds, the cybersecurity space has been as hectic as ever over the past 12 months. However, for all of the emerging threats on the horizon, phishing – one of the oldest pain points in cybersecurity – continues to wreak havoc for enterprises around the world.
It’s often overlooked in terms of media hype, but phishing has been a mainstay in the cybersecurity threat landscape for decades. In fact, 43 percent of cyberattacks in 2020 featured phishing, while 74 percent of US organisations experienced a successful phishing attack last year alone. And globally, cybercriminals exploited public fears over the COVID-19 pandemic to find new phishing victims.
Phishing remains one of the most serious risks to an organisation’s cybersecurity health, but with proper anti-phishing hygiene and best practices in place, you can shore up your defences. Here are three simple tips to help you deal with phishing threats…
1 | Know how to spot the red flags
Phishing scammers are masters of making their content and interactions appealing. From content design to language, it can be difficult to discern whether content is genuine or a potential threat, which is why it’s crucial to look for the red flags.
Unusual formatting, overly explicit call-outs to click on a hyperlink or open an attachment, and subject lines that create a sense of urgency are all warning signs. Emails with these hallmarks should be treated with caution. And if you suspect a phishing attempt, contact your IT department immediately.
2 | Verify the source
Cybercriminals may impersonate someone you already know – such as a colleague, service provider or friend – as a way to trick you into believing that their malicious content is trustworthy. Don’t fall for it.
If an email is out of place, or unusual, reach out directly to the sender to confirm whether the content is authentic and safe. If not, break off communication immediately and flag the incident through the proper channels at your workplace.
3 | Be aware of vishing and other types of phishing
Threat actors have diversified their phishing efforts beyond traditional email. For example, voice phishing – or vishing – has become a primary alternative for scammers looking to gather sensitive information from unsuspecting individuals.
Similar to conventional phishing, vishing is typically executed by individuals posing as legitimate contacts – like healthcare providers or insurers – and asking for sensitive data. It’s imperative for individuals to be wary of any sort of communication that asks for personal information (via email, phone or chat), especially if the communication is unexpected. If anything seems suspicious, break off the interaction immediately and contact the company directly to confirm the authenticity of the communication.
Phishing may be “one of the oldest tricks in the book”, but it is still incredibly effective and increasingly widespread. By exercising caution and vigilance, and by deploying these few fundamentals, you can reduce your chances of falling victim to a phishing attack.
This article has been adapted from Cyber Security Awareness Month resources supplied by the event organisers, and is published here with permission. References include:
- The 2021 Data Breach Investigations Report from Verizon
- The 2021 State of the Phish Report from Proofpoint
Get end-to-end protection for your organisation.
Our Cyber SoC leverages state-of-the-art Microsoft Security technology – including Azure Sentinel – to continuously monitor connected environments.
With cloud-powered data processing, cyberthreats are detected, analysed, and managed in near real-time to provide comprehensive, end-to-end protection.