Have you received a clickbait email or message that asks for personal or sensitive information? If so, you may be experiencing what is called phishing.
Phishing is an attempt to fraudulently obtain sensitive information. Those trying to obtain your information will pose as legitimate individuals or even organizations, especially finance organizations like your bank.
Phishers use social engineering tactics, including guilt-tripping and creating a sense of urgency, to convince their targets. Tools of the trade include fake or hijacked email addresses that look similar to legitimate ones, phone numbers, logos, and other false business credentials, all of which help trick the target into divulging sensitive data or clicking on a link.
While most people think instantly of email when it comes to phishing, attacks can also be carried out using social media, phone calls, voice messages, text messages and more.
Today, these fraudsters have become increasingly sophisticated in their approach.
Cisco's 2021 Cybersecurity Threat Trends Report found that phishing was responsible for a staggering 90% of data breaches.
Those responsible for phishing have a range of goals, including stealing information or money, sabotaging a company's systems, installing malware, or sometimes luring the target to a website as part of the ruse.
Phishing scams often put pressure on recipients to act immediately, by sending a response, clicking a link, or both. Common methods of pushing recipients include stating that there has been a security breach or claiming that an urgent complaint has been received.
The cybercriminal reaches out in the hope that someone will "bite" and engage in conversation with them. When someone does, it allows the criminal to get a foot in the door and take further steps to try to fool the individual into taking additional actions. These actions are carried out with the intention of persuading the victim to divulge information (such as passwords or account numbers) or download something they should not.
Allan Lwanyaga, the SGA Group IT Manager, gives some insights on how to deal with phishing:
How can businesses prevent phishing?
Some businesses are more appealing to fraudsters than others as targets of phishing attacks. Financial service providers such as banks and credit card companies spring to mind.
Here are some steps that such businesses can take to help protect their customers.
How can individuals defend against phishing?
As an individual, you can defend against phishing by educating yourself about what it is and how it works. Knowing which warning signs to look out for could make a huge difference.
It is important to trust your instincts. If something does not feel right, stop and check. Phishing scams can be very sophisticated, but sometimes all it takes to avoid falling victim is to step back from the situation and think twice before clicking a link or sharing a piece of information.
Remember: If something is too good to be true, or if an urgent request is unusual in that context, it is probably linked to fraud. If unsure, contact the purported sender yourself using a number or email address from their official website, which you ought to get from a search engine, not an email link.
What should you do if a phishing attack is successful?
If you believe you may have fallen victim to a phishing attack, here are some suggested steps: