We’ve all heard that cyberthreats are on the rise. In this blog we look at the rise of phishing, explaining what it is, why it’s on the rise and what we can do to help combat it.
What is phishing?
Phishing is a type of social engineering attack, often used to steal user data, including passwords or bank details. It is considered one of the greatest cyberthreats and occurs when an attacker, pretending to be a trusted source, tricks a victim into opening an email, instant message, or text message and providing secure information. It is one of the scariest examples of a cyber threat due to its prevalence, sophistication and the threat it poses to a business’s data and reputation.
Why is phishing on the rise?
Despite Microsoft 365 blocking hundreds of emails a day, the robust email filtering system (which comes as standard) can still miss the increasingly convincing phishing emails.
Phishing was the most common type of cybercrime in 2020. Throughout the pandemic, hackers have adopted new tricks, such as impersonating government agencies claiming to offer pandemic-related financial assistance and vaccination information. In April 2020 alone, Google blocked 18 million daily malware and phishing emails related to COVID-19. Phishing attempts are becoming increasingly subtle, sophisticated and convincing.
The pandemic and the rise of home working has increased opportunities for phishing attacks, as a less centralised workforce means reduced opportunities for staff to quickly flag suspicious emails with colleagues, leading to errors and cyberattacks.
Transparency and openness of company information such as the names and email addresses of staff on websites and LinkedIn pages also helps hackers to send convincing targeted emails.
How to combat phishing emails
There will always be hackers looking at new and complex ways to exploit and steal confidential data and information, and there is therefore no solution to entirely remove the threat of phishing.
However, training is vital to avoid falling for one of these scams. Training ensures that employees are aware of how to detect malicious emails, and what to do if they spot something which they think could be suspicious.
At Timewade, we run cyber security training with all of our clients on an annual basis. As part of the training we explain the latest threats and what to look out for.
We coincide our training with a Sophos Phish Threat campaign, to assess how easily staff are duped by convincing phishing emails. The campaign, combined with training, is highly effective at raising awareness of the sophisticated nature of phishing attacks and provides staff with the tools they need to spot a scam.
If you’re the victim of a phishing attack, be sure to report it to ‘Action Fraud’, the UK’s national reporting centre for fraud and cyber crime.
Protect your business and the data of your customers and clients by arranging cyber security training for your staff, before becoming a victim. Contact Timewade today to find out more.