Phishing is one of the most common methods of cyberattack. Over 90% of cyberattacks start with a phishing email. This equates to about one out of every 4,500 emails being a phishing attack.
These attacks are occurring more and more often and becoming much more sophisticated. They have expanded beyond solely being email-based to attacks taking place via social media, instant messaging, SMS and voice communications.
These attacks can damage businesses financially through fraudulent requests for money, through blackmail, and through business downtime caused by ransomware.
At one time or another, each of us has received a phishing email. Although the email content may vary, the intention is the same: the message attempts to persuade the recipient to take an apparently normal action that will actually result in a security compromise. Many high-profile breaches have started with successful phishing attacks.
Here are two of the ways that attackers can target your business through emails:
• Whilst most organisations block dangerous email attachments, they cannot always block files such as Microsoft Office documents or PDFs, for practical business reasons. Phishing attacks exploit this by embedding malicious code in these files or, more often, by using techniques to exploit vulnerabilities in the software itself.
• Attackers use spoofed email addresses and near-match domain name misspellings to trick users, such as firstname.lastname@example.org instead of email@example.com. Recent attacks have been very sophisticated, even including previous email chains to convince victims that the request is part of legitimate correspondence.
Can you tell the difference between a genuine email and a phishing email? Take SonicWALL’s test to find out your phishing IQ.
We’ve also put together a “Ten Telltale Signs of Phishing” post.