Phishing is a kind of cyber attack delivered via email that is pervasive and can be incredibly harmful if your firm’s employees fall for its deceptions. It works like this: an individual receives an email that seems, for all intents and purposes, legitimate. The email often purports to offer some sort of value-based opportunity, delivered by an embedded link that the recipient must click to take advantage of it. These can come in the form of high-value discounts, or perhaps even warnings that a bank account or other personal online account has been compromised, requiring the recipient to sign in (via an online link) to change their password or check their account for potentially fraudulent transactions. Phishing attempts come in many forms, but what they typically have in common is that they purport to come from a trusted or legitimate source and request that you either download a document or file or click on a link within the email. Phishing may seem a rather tame form of cyber attack, given the very aggressive strategies we have seen in the industry, but because it is effective, it remains commonly used.
One of the more famous phishing attacks was the 2016 attack that resulted in the hacking of Hillary Clinton campaign chair John Podesta’s Gmail account.
In other high-profile phishing attacks, victims belonging to organizations ranging from hospitals to municipalities unknowingly opened their business networks to malicious software capable of seizing control of their network files, allowing the perpetrators to hold the files for ransom for tens of thousands of dollars, payable in untraceable cryptocurrency, and paralyzing the victim businesses and organizations for days on end until the ransom was paid.
Phishing is often accomplished by disguise. Using a technique called “spoofing,” hackers can easily mask their true email addresses with trusted root domains.
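As an added example (not part of the original article), the following Python sketch shows how a mail administrator could flag the header inconsistencies that spoofing usually leaves behind. The two messages, their domains, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From uses a trusted domain, the rest does not.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=mailer.example.net; dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Reply-To: helpdesk@mailer.example.net
Subject: Your account has been compromised

Sign in to review recent transactions.
"""

# Constructed sample: every sender-related header agrees.
LEGIT = """\
Return-Path: <support@bank.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=bank.example; dmarc=pass header.from=bank.example
From: "Bank Support" <support@bank.example>
Subject: Monthly statement available

Your statement is ready on our website.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_indicators(raw_message):
    """List header inconsistencies that often accompany a spoofed sender."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    findings = []
    # Envelope sender and reply address should normally share the From domain.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(header))
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} != From domain {from_dom}")
    # SPF/DKIM/DMARC verdicts recorded by the receiving mail server.
    for results in msg.get_all("Authentication-Results", []):
        for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results.lower()):
            if verdict in ("fail", "softfail"):
                findings.append(f"{mech}={verdict}")
    return findings

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("LEGIT", LEGIT)):
        print(name, spoofing_indicators(raw))
```

These findings are indicators, not verdicts: legitimate bulk mail sent through a third-party service often has a Return-Path on a different domain. An Authentication-Results header should be trusted only when it was added by your own receiving mail server.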
What Can Business Networks Do?
One of the most impactful steps businesses can take to thwart phishing attacks is to educate everyone on their networks about the tactics and dangers of these email communications.
Users should never click on links delivered by unknown senders. And, of course, should a message purport to be from your bank or another trusted institution, you should never attempt to log in from the body of the email by clicking on a link. You should always visit the institution’s website directly and log in there. Typically, any account issues can be identified or resolved via the root website as opposed to an email link.
Another precaution business networks can take to thwart phishing attacks is to ensure that one of the leading spam filtering software products from providers like McAfee or Norton is installed and active in filtering inbound email communications. Many of these are capable of filtering out suspicious communications, particularly those that involve suspicious file attachments from untrusted sources.
If you have questions about maintaining network security or computer support for your business, contact the industry leaders at dotQ4 in Mokena, just outside of Chicago. You can reach us at 708 261 1844.