Put the Phish on ICE 

While it may be cold outside, phishing remains the hottest attack vector in business: Over 90% of all successful cyberattacks are said to start with a “phishing” email. And these attacks have become far more advanced throughout the years, with the potential to fool even the most vigilant.

With this cold truth in mind, what should you be on the lookout for?

Design and Conquer

You probably remember the old emails from a “Nigerian Prince” urging recipients to help move money out of his country. Today, His Majesty is still far from retirement: “advance-fee fraud” has existed for hundreds of years, and criminals still iterate on the attack.

These and other relatively unsophisticated attacks still fool some, but most recipients are much savvier nowadays. Just as fishing enthusiasts upgrade their equipment with the season, cybercriminals have upped their game with more modern techniques.

Nowadays, characteristics of particularly convincing phishing emails include:

  • Appear to come from a common and trusted service, e.g. Amazon, FedEx, or Netflix
  • Use real company logos and layouts to mimic legitimate messages
  • Have a recognizable call-to-action, such as “Update your payment information” or “Track your package”

Interacting with a phishing email can lead to infecting your computer and/or network with things like malware or ransomware. Other attacks aim to steal login credentials, personal information, or money.

An Advanced Maneuver

Phishing attacks are often well-designed and difficult to detect, even for seasoned professionals. To make matters worse, cybercriminals have even more tricks up their sleeve:

Those are just a few of the cold and devious tactics out there – and we hear about new ones constantly. The bottom line is that no matter how real an email looks, you have to be cautious and diligent to ensure it is authentic.

Don’t Fall for Those Shiny New Lures

The attackers may have tempting bait, but don’t get hooked! Slow down and be mindful, especially of any email – even if it looks like it’s from a company or person you trust – that asks you to complete an action like:

  • Clicking a link or opening an attachment
  • Logging in with your credentials or filling in a form
  • Completing a transaction or changing account information
  • Replying with confidential or personal information

To help put those phish on ice, remember the acronym ICE:

  • Inspect messages carefully—look closely at the email address, domains, words, and links.
  • Confirm any message received that was unexpected or that you’re wary of—don’t hesitate to pick up the phone to call and verify legitimacy.
  • Eliminate messages that seem, well, fishy. Important! Be sure to check your company’s policy: Some will ask that that you report them to your IT team, then delete; others will ask that you immediately delete anything suspicious.

Phishing season is never truly over for cybercriminals, but you can leave them out in the cold.

Stay Safe,

Your Friends @ Defendify

Resources & insights

Why You Could Be Denied Cyberattack Insurance Coverage
Blog
Why You Could Be Denied Cyberattack Insurance Coverage
As you’re working toward achieving robust cybersecurity, the subject of cyber attack insurance coverage and cybersecurity insurance requirements is sure to enter the discussion.
Cost of a Cyberattack vs. Cybersecurity Investment
Blog
Cost of a Cyberattack vs. Cybersecurity Investment 
Detailing the cost of a cyberattack versus the ROI of a cybersecurity investment enables leadership to see cybersecurity solutions are worth it.
Defendify Listed as a High Performer in Six G2 Grid Categories
Blog
Defendify Listed as a High Performer in Six G2 Grid Categories
The Defendify Cybersecurity Platform has been listed as a High Performer in six Summer 2022 Data Security Software Category Reports on the technology review site G2.

Protect and defend with multiple layers of cybersecurity

Defend your business with All-In-One Cybersecurity®.

Explore layered
security

Learn more about Defendify’s three key layers and All-In-One Cybersecurity®.

How can we help?

Schedule time to talk to a cybersecurity expert to discuss your needs.

See how it works

See how Defendify’s platform, modules, and expertise work to improve security posture.

Take the first step toward comprehensive cybersecurity with a free Defendify Essentials package

Gain access to 3 award-winning cybersecurity modules. Nothing to install. Nothing to pay for.