Phishing: a real threat for your organisation
Phishing is a dangerous form of cybercrime that cannot be detected by regular antivirus software and potentially has serious consequences for your organisation. Alert employees who recognize phishing signals are the only and best defence.
In 2017 alone, cybercrime in Belgium was responsible for a loss of over 4.5 billion euros and about two-thirds of companies admitted to being victims of such crime. More than 75% of these breaches are a direct result of social engineering such as phishing.
What is phishing?
Phishing is a form of cybercrime in which victims are contacted by e-mail, telephone or text message by someone who pretends to be an employee of a trusted source, such as a bank, a government agency or perhaps even one of your trading partners. Criminals try to extract sensitive information such as usernames, passwords, bank and credit card details. This information is then used to access important accounts, which can lead to identity theft and financial loss.
How can you recognize a phishing mail?
In most cases, phishing is done by e-mail. In such a phishing e-mail, the sender asks the victim to “verify” their details by clicking on a direct link or opening an attachment. The link or the attachment will collect data or contain a malicious payload.
You can often recognize phishing attacks by looking for these simple principles:
- Too good to be true: lucrative offers like free iPhones or messages that you’ve won a lottery will try to draw your attention. However, if it sounds too good to be true, it probably is.
- Urgency: phishing attacks will often have a sense of urgency, for example, to receive a lucrative offer or to avoid negative consequences.
- Links: hover your cursor over all links (even images can include links) in the email and read them very carefully. Criminals will often use links that are nearly identical to the website of the trusted source; the differences between them are minimal.
- Attachments: if you receive an unexpected email with an attachment, even from someone that you know, don’t open the attachment. If you know the sender but aren’t expecting the mail, ask them before proceeding to open it. It’s possible that their email was compromised.
- Unusual sender: we probably don’t even have to mention this but if you don’t know the sender, be extra careful.
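The "Links" check above can also be automated on the mail gateway or in a reporting tool. The following is an added example, not part of the original article: it lists links in an HTML e-mail whose real target differs from the displayed address or closely imitates a trusted domain. The trusted domain, the 0.85 similarity threshold and the sample message are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"example-bank.com"}  # assumption: domains your organisation trusts
# Constructed sample e-mail body (not a real message).
SAMPLE = """<p>Please verify your details:</p>
<a href="http://examp1e-bank.com/login">www.example-bank.com</a>
<a href="http://examp1e-bank.com/offer"><img src="cid:banner"></a>
<a href="https://example-bank.com/help">Help centre</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs; image links get the text '[image]'."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
        elif tag == "img" and self._href is not None:
            self._text.append("[image]")
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data.strip())
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(t for t in self._text if t)))
            self._href = None

def host_of(url):
    """Return the lower-cased host name of a URL, without a leading 'www.'."""
    host = urlparse(url if "//" in url else "//" + url).hostname or ""
    return host[4:] if host.startswith("www.") else host

def review(html):
    """Return (href, reason) findings for one HTML body."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        # The displayed text looks like an address but names another host.
        if "." in text and " " not in text and host_of(text) != real:
            findings.append((href, "displayed address differs from real target"))
        # The real host is nearly, but not exactly, a trusted domain.
        for good in TRUSTED:
            close = SequenceMatcher(None, real, good).ratio() >= 0.85
            if close and real != good and not real.endswith("." + good):
                findings.append((href, f"looks like {good}"))
    return findings
```

A finding here is a reason to look more closely, not proof of phishing; a link with no findings can still be malicious.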
What are the dangers of phishing to organisations?
Phishing is one of the most dangerous forms of cybercrime because it basically cannot be detected by regular antivirus software. Phishing scammers do not need to infect your computer system with a virus to obtain sensitive information. All they need is a gullible employee who reveals the data unsuspectingly.
If your organisation experiences a phishing incident and that information reaches the media, the company’s brand image is immediately affected. Customers are concerned about the security of their personal data processed by the company and lose confidence in the brand.
Train your employees to recognize phishing
A trained employee is the best defense against phishing attacks. Even with the best spam detection in the world, smart phishing emails can still slip through loopholes. Therefore, invest the time and resources to teach and train your employees to recognize phishing. That way, they can respond appropriately to threats and scams, keeping your business safe.