What Do I Need to Know about Phishing?

Phishing is one of the top attack vectors hackers use to gain illegal access to networks.

The latest findings in the IBM Cost of a Data Breach Report 2022 show that phishing was the second and most costly cause of a breach, resulting in an average of $4.91 million in costs for organisations surveyed.

Here’s a quick rundown of the different types of phishing threats you need to be aware of so you can better protect your data from cybercriminals masquerading as an organisation or person you trust.

Bulk Email Phishing

Bulk email phishing is the most common type of phishing scam and an easy one to fall for. These general, mass-market emails are deliberately designed to trick the recipient into clicking a link that sends them to a fake website or opening an attachment full of malware.

Things to look out for:

• Fake emails from large, trusted companies like HSBC, Amazon, and PayPal
• Subject lines that want you to take action, like: “There’s a problem with your delivery”, “Your invoice is attached”, or “Your password has expired”
• Misspellings and grammatical errors
• If the URL leads to the sender’s website
• Being asked for sensitive or personal information
• Emails sent outside of normal business working hours

Spear phishing

Spear phishing is when cybercriminals target specific businesses or individuals with a high financial value. This is a more sophisticated type of cyberattack that is carefully crafted using a method called social engineering to include specific details personal to the recipient to earn their trust and make the scam seem to be from a legitimate sender.

Whaling

Instead of casting the net as wide as possible or reeling in specific targets, whaling is when the threat actors go for broke and set their sights on top executives. Hacking accounts like these which have a higher level of access to company networks, means they can quickly infiltrate systems to steal everything from money and confidential information to files containing sensitive data.

Other types of phishing include:

Clone phishing – a malicious, replicated copy of an original email message.

Vishing – phishing phone call with a false number to contact that leads directly to the scammer.

Business email compromise (BEC) – attackers pretend to be CEOs and financial officers to trick victims into transferring cash into unauthorised accounts.

SMS phishing – using mobile or smartphone text messages to gain credit card information.

How to Beat the Cybercriminals

You can safeguard your confidential and business-critical data against these types of phishing attacks by:

• Training employees on how to recognise different phishing attacks
• Using two-factor authentication (2FA) on emails
• Encouraging staff to report suspected cyberattacks to Action Fraud
• Keeping informed on the latest phishing trends
• Install web and spam filters
• Use antivirus and anti-malware software
• Invest in a centralised cybersecurity platform

Find out how you can prevent fraud with the help of IBM Security solutions here.