Phishing is one of the most common forms of social engineering. Attackers attempt to persuade you to click a malicious link or visit a fake website which gives the attacker access to sensitive information. They do this by impersonating a trustworthy brand or company.
Typically they go after large numbers of relatively low-yield targets, not particularly caring who their target is. They are simply casting a wide net to try and catch as many people and companies as they can.
How is phishing conducted?
Mass phishing primarily involves off-the-shelf software kits. The kits either create fake login pages for common banking or email services, or install ransomware.
Attackers are not targeting specific people or businesses. This is why everyone is at risk, and why small businesses are so often attacked. These sorts of attacks rarely happen to big companies as they have all of the right security layers in place to protect their business. Small businesses and sole traders usually only have one or two layers, if any, so it is easy for phishing to be successful.
Phishing examples
A common example is where a bank or company that you know and use emails you and asks you to click a link to reset your password due to a possible data breach.
Clicking that link redirects you to a website that appears to belong to that trustworthy company, but is actually a fake website run by the criminal. The website is used to collect usernames and passwords to the bank or company website.
Deactivation emails are also very common. You have probably had a few yourself. They claim your account will be deactivated if you don’t take immediate action. This might be to update your credit card details or change your password. Many of these emails look realistic, with some including statements like “scanned and cleaned” to make them look legitimate.
There are still plenty of messages that are obviously fake. This one is doing the rounds on Messenger at the moment, for example. Whoever wrote this one didn’t do a very good job. It’s very clear that it’s not from Facebook. Despite that, there’s no doubt that some people clicked on the link and followed the instructions on the fake website. We live in a time-poor era, where more often than not we skim-read messages so we can take quick action.
Is your small business protected?
Most small businesses do not have enough
cyber security layers in place to fully protect their business. Are you doing enough?
Contact us for a confidential chat about your personal or business circumstances and we can advise you on what protection you need. Or we can take care of everything so you have total peace of mind with our
Small Business Cyber Security Support Package.