
What is Phishing?


It’s an online security threat that everyone should be on the lookout for, as scammers are trolling to steal sensitive information. Don’t want to get hooked by a hacker? Read on to learn more about its history, the most popular forms the attacks will take, and how to spot them.

Phishing may feel like a new threat to your online security, but it’s been making waves online for quite some time. With the first reported instance back in 1995, phishing attacks have grown and evolved over the years.

1995

The first phishing attack was reported in 1995. AOHell was created to steal users’ passwords and use algorithms to create randomized credit card numbers.

2013

In September of 2013, CryptoLocker ransomware infected 250,000 personal computers, making it the first cryptographic malware spread by downloads from a compromised website.

2018/2019

Phishers started adopting HTTPS, with gift card phishing campaigns starting in 2018, only to evolve to vendor email compromise in 2019.

2020

In 2020, 74% of organizations in the United States experienced a successful phishing attack.

Did you know? Phishing emails are the leading cause of ransomware attacks, with 54% of MSPs selecting them as the top cause.

So, what is phishing, and how can you spot an attack?

Phishing attacks come in many shapes and forms. The top types are mass campaign, whaling, spear phishing, and clone phishing.

Mass Campaign

In a mass campaign, a wide-net phishing scam is sent out to the masses from a knock-off corporate entity. Recipients will be asked to enter their credentials or credit card details.

How to spot a mass campaign:

Attacks that rely on email spoofing will appear to be sent by a trusted sender, but if you look closer, there are often many red flags.

  • Watch out for errors or inconsistencies, like misspellings or a sender email address with the wrong domain.
  • Carefully review the message for any logos that look odd. These may contain malicious HTML attributes.
  • Ignore emails that have only an image and very little text.

Whaling

Whaling is a spear-phishing attack that aims to catch the big fish. It targets senior executives and other high-profile members of an organization.

How to spot whaling:

  • Be wary of requests that come from a senior leadership member who has never made contact with you before.
  • Make sure any request that appears to be normal is sent to a work email, not a personal one.
  • If the request seems urgent and might be costly if it is fake, send a separate email or text, or call the recipient, and verify their request. It’s always better to be safe than sorry.

Spear Phishing

Spear phishing attacks are emails that directly target a specific organization or person using tailored information, making them seem more legitimate.

How to spot spear phishing:

  • Be on the lookout for internal requests that come from people in other departments or seem out of the ordinary for the job function.
  • Be wary of links to documents stored on shared drives like Google Suite, O365, and Dropbox, because these can redirect to a fake website.
  • Avoid documents that require a user login ID and password. This may be an attempt to steal your credentials.
  • Don’t click a link from an alleged known website. Instead, open your browser and type in the website address yourself. This way, you can be sure you’re getting to the right website and not a phishing one.

Keep your business safe from phishing tactics! Download our checklist to learn more and practice safe email habits.


Clone Phishing

Clone phishing is when a legitimate email message sent from a trusted organization is copied and altered, replacing links with ones that redirect to a malicious website.

How to spot clone phishing:

  • Be wary of unexpected emails from a service provider, even one that might be part of normal communication.
  • Look out for emails requesting personal information that the service provider never asks for. If you know the request is legitimate, don’t follow the link; instead, go to the browser and type the information directly into the website.

Other Red Flags to Look Out For

When following a link, inspect the webpage to ensure it looks like the real webpage you were expecting. Pay attention to its structure, colours, other pages within the site, and the main menu. Ask yourself, is it really necessary to enter your credentials into a form?

When assessing the legitimacy of an email, check if it’s coming from an unexpected sender, look at the sender’s actual email address, and look for odd grammar mistakes.

Social engineering signs of a phishing email can be a sense of urgency, asking you to click something to get something, or offering you something that you were not expecting.

And finally, always double-check the URL. Look for confusing spelling mistakes in the URL, and check if several subdomains are being used.
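
The URL check described above (misspelled domains and stacked subdomains) can be automated. The following is an added example, not part of the original article; the trusted-domain list and sample URLs are constructed, and the last-two-labels split is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Assumption: the domains you actually expect links to point at (constructed).
TRUSTED = {"mybank.example"}

def edit_distance(a, b):
    """Levenshtein distance; small values indicate a near-miss spelling."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Naive 'last two labels' split; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def url_red_flags(url, trusted=TRUSTED, max_subdomains=2):
    """Return the URL red flags from the text that apply to this link's host name."""
    host = (urlsplit(url).hostname or "").lower()
    base = registrable(host)
    subdomains = host.split(".")[:-2]
    flags = []
    if base not in trusted:
        for good in sorted(trusted):
            # One or two characters off a trusted name: a confusing misspelling.
            if edit_distance(base, good) <= 2:
                flags.append(f"misspelling of {good}")
            # Trusted name pushed into the subdomain part of another domain.
            if host.startswith(good + ".") or f".{good}." in host:
                flags.append(f"{good} embedded in subdomains")
    if len(subdomains) > max_subdomains:
        flags.append(f"{len(subdomains)} subdomains")
    return flags

if __name__ == "__main__":
    for sample in (  # constructed sample links
        "https://www.mybank.example/login",
        "https://www.mybamk.example/login",
        "https://mybank.example.secure.login.verify-account.test/",
    ):
        print(sample, "->", url_red_flags(sample) or "no flags")
```

An empty result only means these two checks found nothing; it does not prove the link is safe.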

So, what is phishing?

Now that we’ve answered the question, you’ve got the knowledge to take steps to keep your business safe. Download our checklist to have these tips on hand, and to share with your employees. Want to learn more? Contact Com Pro today. We can secure your IT infrastructure and help keep you off that phishing hook.