Staying ahead of cyber attacks can feel like an impossible task at times. Opportunistic hackers are constantly coming up with new, more sophisticated ways to breach digital defences and compromise valuable information. Terry Hawkins, a cybersecurity expert, discussed key phishing terms and phrases to learn…
One of the biggest and most common schemes cybercriminals use is phishing; in fact, 90% of cyber attacks start with phishing emails. Often, these spam messages will contain carefully chosen wording to evoke a sense of panic, urgency, and intrigue in victims. Acting out of fear, targets can become more willing to share their personal information, which can then be exploited for the criminals’ gain.
For businesses, defending against cybercrime has to be a collaborative effort, and this starts with training. Developing a broader understanding of the topic amongst teams will be the best way to protect your own and your customers’ information.
Training should be an ongoing commitment, with regular updates around best practices and security measures. But, to start with, we need to understand exactly what we’re talking about. In this post, we explore just what phishing is, and discuss some of the key terms and phrases you’re likely to hear, or may already have come across in the context of cybersecurity.
What is phishing?
Phishing is the process of sending spam emails or messages to try and steal sensitive information. More often than not, these messages will appear to be from reputable sources and trusted institutions, which tricks targets into thinking it’s safe to share personal details.
Sensitive information can come in all different forms, from passwords and usernames to financial information like credit card numbers. Sometimes, victims will consciously hand over these details to solve whatever ‘problem’ or pursue whatever ‘opportunity’ they think they’re faced with. Other times, criminals will use links to websites that contain malware, which gives them another way to infiltrate entire networks, so that information is inadvertently made available.
This is otherwise known as a data breach: when someone gains unauthorised access to private information. On average, a data breach costs a company $4.45 million, and it takes around nine months to identify and stop the leak.
Key phishing terms and phrases used for different phishing attacks
Spam emails that contain links to malicious sites are the most common form of phishing attack. However, more variations of these attacks are being deployed to make it harder for victims to spot malicious correspondence.
Spear phishing
Where phishing typically happens on a vast scale with criminals casting a wide net, spear phishing is where a specific individual or company is targeted for their information. Often, hackers will have some background knowledge of their target, meaning they can tailor spear phishing attacks to make them appear more credible.
Whaling
Another term that falls under the spear phishing umbrella is whaling. This is where criminals target employees high up the corporate ladder, like a senior executive or board member. These individuals generally have access to the most valuable assets and information, meaning there is a lot more to lose – or gain in the criminal’s eyes.
Vishing
Vishing, or voice phishing, takes place over the phone rather than in your email inbox. Criminals will typically pose as a person from a trusted authority like the police or government, using psychological techniques to convince targets to part with their information.
Protecting yourself and your business against phishing
As criminals have grown more sophisticated with their infiltration techniques, defences and protection methods have also become more advanced. As a business, everyone must be on the same page when it comes to cybersecurity. By making it a shared responsibility, you’ll have the best chance of fending off attackers. A multifaceted approach that leverages different tools and techniques is therefore recommended.
Here are three options to consider incorporating:
Multi-factor authentication (MFA)
MFA is becoming more common in all corners of the digital landscape. It essentially adds an extra layer of security by asking for more information during the login process on top of a password. This could be in the form of a PIN, security question, or biometric authentication. To further boost your security, you might even look at phishing-resistant MFA, which makes it even harder for hackers to bypass the authentication process.
Education
As we’ve already discussed, education and training are often the best way to reduce your vulnerability to cyber attacks. When individuals are educated on the warning signs to look out for, they will be better equipped to spot and report spam emails or calls to keep private information safe.
Use and update anti-virus software
Anti-virus software is an essential tool in cybersecurity. It works to identify and remove viruses and other types of malware that could leave sensitive information vulnerable. Installing and regularly updating this software will ensure your business is using the most up-to-date security measures available to fend off attacks.