Phishing is a cyberattack technique that utilizes deceptive emails or other electronic communication to manipulate recipients into sharing sensitive information, clicking on malicious links or opening harmful attachments. Emails are a top delivery method for phishing attempts, but cybercriminals may also use text messages, social media messages, fake or misleading websites, voicemails or even live phone calls.
Many cyber incidents include phishing components. In fact, a report from telecommunications company Verizon found that phishing plays a role in approximately one-third of all data breaches. As such, it’s important to understand these schemes and ways to protect against them. Here are some common phishing scams to watch out for and actionable suggestions for how to mitigate them.
Deceptive Phishing
Deceptive phishing occurs when a cybercriminal impersonates a recognized sender to steal personal data and login credentials. These messages often trick victims by asking them to verify account information, change a password or make a payment.
Spear-Phishing
A spear-phishing scheme is typically aimed at specific individuals or companies, using personalized information to convince victims to share their data. In these instances, cybercriminals will research a victim’s online behavior, such as where they shop or what they share on social media, to collect personal details that make their messages seem legitimate.
Whaling
Whaling aims to trick high-profile targets such as CEOs, chief financial officers and chief operating officers into revealing sensitive information, including payroll data or intellectual property. Since many executives fail to attend company security training, they are often vulnerable to whaling scams.
Vishing
Vishing, or “voice phishing,” occurs when a criminal calls a target’s phone to get them to share personal or financial information. These scammers often disguise themselves as trusted sources, such as a bank or the IRS, and rely on creating a sense of urgency or fear to trick a victim into giving up sensitive information.
Smishing
Smishing refers to “SMS phishing,” which incorporates malicious links into SMS text messages. These messages often appear to be from a trustworthy source and lure victims in by offering a coupon code or a chance to win a free prize.
Pharming
Pharming is a sophisticated method of phishing that redirects a victim to a site of the cybercriminal’s choosing by installing a malicious program onto their computer. The goal is to have users input their login credentials or personal information, such as credit card numbers, on the fraudulent site.
Preventing Phishing Scams
As more cybercriminals turn to online scams to steal personal and company information, business leaders and employees must remain vigilant in their cybersecurity efforts. While no single solution can avert all phishing attacks, certain actions can help reduce their frequency and severity. These actions include staying informed on the latest phishing schemes, backing up critical data regularly, keeping workplace technology up to date, carefully examining messages before clicking on or responding to them, and avoiding sharing personal information online.
Phishing scams pose a significant threat to companies of all sizes and sectors. Fortunately, organizations can minimize their associated damage by taking the proper precautions.