Human error is one of the top causes of security breaches. Opening an email that tricks a person into giving up their login details, failing to keep security patches and other systems up to date, and visiting a malicious website are all activities that can open the door to an attacker.

According to research by Security in Depth, 91% of cyberattacks start with a phishing email. Phishing is categorised as one of the top security threats, and it affects most businesses.

 

So, what is phishing?

The term “phishing” is pronounced just like it is spelled, and the concept is similar to “fishing”: a person throws a baited hook and hopes someone bites. However, phishing baits come in the form of emails, text messages, and advertisements – to name just a few.

Phishing is a fraudulent attempt by criminals to obtain sensitive information or data, such as usernames, passwords, and credit card details, by posing as a trustworthy entity, for use in the next steps of an attack.

Below we explain the three most popular forms of phishing, which affect most small and medium businesses.

Email phishing

This is the best-known form of phishing, in which an attacker attempts to steal sensitive information by sending an email that appears to come from a legitimate or trusted person or organisation. It is normally sent in bulk and does not target a specific person or employee.

Spear phishing

Spear phishing, in comparison to email phishing, is a more targeted form of attack in which cybercriminals target a specific person or group, such as business executives or IT administrators.

Malware phishing

This technique uses the same methods as email phishing, or text messages, to encourage the receiver to click on a link or download an attachment, which leads to malware being installed on the device. This is the dominant form of phishing attack these days.

 

How do I protect my business from phishing attacks?

There has been a huge rise in cybersecurity attacks since COVID started last year, so we have put together some top tips to help educate your staff on what to look out for in email scams:

  1. Watch out for suspect grammar and spelling, sender address, attachments, shortened links, login pages, urgent deadlines, and alarming content full of warnings and consequences for not taking action.
  2. Be especially cautious of any email or text that asks you for personal information, such as a username and password to log in to an account.
  3. Avoid using public networks where possible.
  4. Improve the security culture of your business by running phishing campaigns and educating your users on how to detect threats.
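
The warning signs in tip 1 can also be checked automatically before a message reaches a user. The sketch below is an added example, not code from this article or from any product it mentions; the function names, keyword lists and sample message are assumptions made for illustration, and the output is a set of triage hints rather than a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Illustrative, assumed lists: tune them to your own mail flow.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly", "is.gd"}
RISKY_EXT = (".exe", ".js", ".scr", ".iso", ".docm", ".xlsm", ".zip")
URGENT = re.compile(r"urgent|immediately|within \d+ hours|suspended|final notice", re.I)
LOGIN = re.compile(r"log-?in|sign-?in|password|verify", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw):
    """Return the checklist indicators that a raw RFC 5322 message triggers."""
    msg = message_from_string(raw)
    flags, text = [], msg.get("Subject", "")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            flags.append("risky attachment: " + name)
        elif part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            text += "\n" + payload.decode(part.get_content_charset() or "utf-8", "replace")
    reply_to = domain(msg.get("Reply-To"))
    if reply_to and reply_to != domain(msg.get("From")):
        flags.append("sender address: replies go to " + reply_to)
    for url in URL.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            flags.append("shortened link: " + host)
        elif LOGIN.search(urlparse(url).path):
            flags.append("login page link: " + host)
    if URGENT.search(text):
        flags.append("urgent or alarming wording")
    return flags

# Constructed sample message (not a real email); example.* domains are reserved.
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: support@example.net
Subject: URGENT: mailbox will be suspended

Confirm your account within 24 hours: https://bit.ly/abc123
or sign in at https://portal.example.org/account/login today.
"""
```

Calling `phishing_indicators(SAMPLE)` returns one entry each for the mismatched reply address, the shortened link, the login page link and the urgent wording.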

 

What are the best anti-phishing tools?

There is no single fool-proof way to avoid phishing attacks, but technology can prevent threats with always-up-to-date security solutions and tools that automatically detect and defend against cyberthreats.

Microsoft 365 prevents phishing attacks with built-in machine learning models and impersonation detection that quickly identify and block suspicious activity in email.

By implementing technologies like Microsoft 365 advanced protection, paired with Byte’s Secure Workplace Solution and Secure Managed Services, we can help you analyse and block phishing threats before they even reach your employees.

 

Talk to us to find out how to protect your business from all forms of phishing.