What is phishing?
Phishing is a type of cyber-attack in which an attacker sends messages to targets while pretending to be a legitimate organization, in an attempt to steal personal information. Phishing can come in a variety of forms, including emails, text messages, voicemails, and even social media posts and direct messages. The tell-tale sign of phishing is that the phisher is trying to lure personal information from you, like your password, social security number, address or credit card number. This article covers phishing in general, including how to identify phishing attempts, what to do if you click a phishing email, and more.
What Does Phish Mean? Phishing vs Spear Phishing and More
There are several types of phishing. It’s important to understand the differences between different types of attacks. Some key concepts to understand include phishing vs spear phishing, phishing vs whaling and others described below.
- Smishing – SMS text message phishing
- Whaling – phishing attacks targeting high-profile employees and executives
- Spear phishing – highly targeted phishing attacks
- Vishing – voicemail or phone call phishing
- SEO phishing – when an attacker works to position their malicious link first on search results, increasing the likelihood that you will click on it
However, by far the most common type of phishing is email phishing.
What is Phishing – Phishing Examples
A common example of phishing is receiving an email that poses as a reputable source like Google, Apple or Microsoft and asks you to reset your password.
For instance, you may receive an email that appears to be from Google telling you that your password is insecure, will expire, or has been breached. The email will contain a link to reset your password, but the link will not reset it. Instead, it will capture all of the information you share, and the attacker can then use that information to access your account. They can then actually change your password and lock you out.
What Happens if You Click on a Phishing Link?
If you suspect you’ve clicked on a phishing link, notify your cyber security or IT team immediately. You’ll also want to change any information that matches what you entered into the phishing scam.
How to Spot a Phishing Email
- If you suspect a message is an attempted phishing attack, then do not click on any links or download any attachments. You should forward the email or message to your IT team right away, as you might not be the only one in the organization receiving suspicious messages.
- You can often detect phishing by checking for grammar or spelling errors, checking the sender field of an email or message, and avoiding messages that seem too good to be true. Phishers often make spelling or grammar errors in their messages, but this is not always the case. Sometimes the message will look very professional and appear legitimate.
- The next step is to check the sender field. If the email address says it comes from Microsoft, but it comes from firstname.lastname@example.org, then you know it’s not legitimate. Sometimes, it’s small changes like making “o” a “0” that the attacker hopes you won’t notice.
- Additionally, phishing attacks will often tell you to act now, pushing you to take action quickly before you have time to think it through. If an offer seems too good to be true and tells you to act now so you don’t miss out, it probably is.
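The sender-field check described above can be automated in a mail filter or triage script. The following is an added example, not code from the original article: the brand allow-list, the function names and the sample headers are all constructed assumptions.

```python
from email.utils import parseaddr

# Assumed allow-list mapping brand names to their legitimate sending domains
# (constructed for this example; maintain your own in practice).
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com"},
    "google": {"google.com"},
    "apple": {"apple.com"},
}

# Common digit-for-letter swaps, such as "0" standing in for "o".
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Constructed sample From headers.
SAMPLES = [
    '"Microsoft Account Team" <security@micr0s0ft.com>',
    '"Microsoft Support" <helpdesk@example.org>',
    '"Microsoft" <no-reply@microsoft.com>',
]


def registered_domain(address):
    """Return the last two labels of the sender domain (naive: no public-suffix list)."""
    domain = address.rsplit("@", 1)[-1].lower().strip(".")
    return ".".join(domain.split(".")[-2:])


def check_sender(from_header):
    """Return the reasons a From header looks suspicious (empty list if none)."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no parsable sender address"]
    domain = registered_domain(address)
    findings = []
    for brand, legit in BRAND_DOMAINS.items():
        if domain in legit:
            continue
        # The display name claims a brand that the domain does not belong to.
        if brand in display.lower():
            findings.append(f"display name mentions {brand} but domain is {domain}")
        # The domain matches the brand only after undoing digit swaps.
        if domain.translate(LOOKALIKES) in legit:
            findings.append(f"{domain} is a lookalike of a {brand} domain")
    return findings


if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no findings")
```

A clean result only means the From header passed these two checks; as noted above, a message can look professional and still be phishing.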
Corporate Monitoring to Prevent Phishing
Finally, one of the best ways to detect phishing is to monitor your network continually. This can be outsourced so you can gain continual visibility over your potential security risks. The NIST Cybersecurity Framework demonstrates that it’s not just about responding to threats, but also about detecting and protecting against them.
To best identify threats, protect against them, and detect attacks, you need a comprehensive solution that will help you gain visibility over your vulnerabilities. We offer a variety of security solutions for businesses. Hopefully this article answers all of your questions about what phishing is and how to avoid phishing pitfalls.
Contact us for a free Security & Risk Assessment. As a top managed IT services company, we can examine your network and tell you whether your business is vulnerable to cyber-attacks like phishing and can help you design a plan to secure against them.