Catch a Phish Before It Catches You

Cyber attackers are continuously creating new and sophisticated tactics to carry out cybercrimes against organizations of all sizes. While the tactics themselves are becoming more advanced, cybercriminals continue to use one of the simplest technologies to deploy these attacks: Email. Phishing emails remain the #1 threat vehicle that results in a cyber breach, attributing to an average loss of $17,700 every minute. In the 2020 Verizon Data Breach Investigations Report, they found that 94% of malware is delivered via email.

What is Phishing?

Let’s briefly go over the basics of “phishing” emails. Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution. Interacting with a phishing email can lead to infecting your computer and/or network with things like malware or ransomware. Other attacks aim to steal login credentials, personal information, or money.

There are different types of phishing depending on the target of the attack and the tactics used. Spear phishing is a campaign that a cyber attacker purposefully built to penetrate one organization and where they will really research names and roles within a company. While regular phishing campaigns go after large numbers of relatively low-yield targets, spear-phishing aims at specific targets using specialty emails crafted to their intended victim.

A whaling attack goes after senior players within an organization. Whaling attack emails are highly customized and personalized, and they often incorporate the target’s name, job title, or other relevant information gleaned from a variety of sources. This level of personalization makes it difficult to detect a whaling attack.

The Impact of a Phish

Cyber breaches can be disastrous to a company of any size, and it just takes one incident to cause an organization-wide breach. The average cost of a data breach in 2020 was $3.86 million. The costs include numerous indirect expenses such as operational downtime, staff and resource allocation to fix compromised systems and devices, and potential lost opportunities or customer churn caused by a soured reputation.

Phishing is Preventable

With proper training, all employees of an organization, including senior staff, can become aware of how to spot a phishing attempt and how to handle it once identified. Phishing emails are becoming increasingly sophisticated and more challenging to spot, so regularly sending phishing simulation emails coupled with spot-training if someone clicks on a link or opens an attachment.

Phishing simulation emails sent to employees are designed to mimic real-life phishing attacks in execution and style. These simulated attacks help guard your business against social-engineering threats by training your employees to identify and report them. Regular, but randomly sent phishing simulation emails help protect employees from falling victim to an actual phishing attack by keeping them alert and knowing what to be on the lookout for.

Want to know more about how to spot a phish? Check out this presentation How to Spot a Phish: Tips to Spoil Advanced Phishing Attempts. Defendify’s award-winning cybersecurity trainer and success manager, Shanna Utgard, will walk you through current phishing trends, their impact on organizations of all sizes, and ways you and your team can detect them.

More Resources:

Blog: A Complete Guide to the CEO Fraud Business Email Compromise Phenomenon
Blog: Social Engineering Training for Employees: The Framework
Blog: Looking Ahead to Social Engineering Trends of 2022
Blog: Fight the Phish: How to Identify and Handle Phishing Attempts
Webinar: How to Spot a Phish: Tips to Spoil Advanced Phishing Attempts