Although new threats are cropping up in the cybersecurity space, phishing, one of the oldest pain points in cybersecurity, continues to wreak havoc.
Phishing is one of the most dangerous “action varieties” to an organization’s cybersecurity health. Phishing has been a mainstay in the cybersecurity threat landscape for decades, even though it’s not talked about much in the media. Because it continues to work, phishing is still a common tactic used by threat actors. In 2021, more than 80 percent of US organizations experienced at least one successful phishing attack, a year-over-year increase of more than 45 percent. As a result, implementing proper anti-phishing best practices is an absolute must for organizations of any size.
With that in mind, here are a few quick best practices and tips for dealing with phishing threats.
1) Know the Red Flags of Phishing Attacks
Phishers are masters of making their content and interactions appealing. A good phishing attack will not look like a phishing attack. The content and branding may all seem genuine, which is why it is so important to know the red flags. Red flags of a phishing attack include awkward and unusual formatting, over-the-top calls to action, and subject lines that create a sense of urgency. If something looks off, handle it with caution and follow your company guidelines for handling phishing attempts.
2) Verify the Source of the Phishing Threat
Phishing content comes in a variety of ways. One of the most common ways is for phishers to impersonate someone you may already know, in an attempt to trick you into believing their malicious content is actually trustworthy. This means the phishing attack will look like it’s from a colleague, service provider or friend. Don’t fall for it. If you sense any red flags that something may be out of place or unusual, reach out directly to the individual via another method of communication to confirm whether the content is authentic and safe. If not, break off communication immediately and flag the incident through the proper channels.
3) Be Aware of Vishing and Other Phishing Offshoots
Bad actors no longer only use email to phish. One common alternative to email phishing is for bad actors to use voice phishing, or vishing, to gain sensitive information from unsuspecting individuals. Vishing works similarly to conventional phishing. Vishing is typically executed by individuals posing as a legitimate organization in an attempt to get personal or sensitive information. Bad actors commonly pretend to be organizations such as healthcare providers or insurers. It is imperative that individuals be wary of any sort of communication that asks for personal information, whether it be via email, phone or chat, especially if the communication is unexpected. If anything seems suspicious, break off the interaction immediately and contact the company directly to confirm the communication attempt.
Phishing may be “one of the oldest tricks in the book,” but it is still incredibly effective. And although it may be hard to spot when you are in the midst of a phishing attempt, by exercising caution and deploying these few fundamentals, individuals and organizations more broadly can drastically reduce the chances of falling victim to a phishing attack.
If you suspect you may be the victim of a phishing attack, call Blue Team Alpha at: 612-399-9680.