Phishing attempts are the most common form of cyber attack. Yet many employees struggle to tell these attempts apart from real communications. In this post, we examine what a phishing attack looks like. We’ll share some examples to help you and your employees remain safe and secure online.
It’s 11:00am. You’ve got clients coming in for a lunch meeting in an hour, and you’re desperately trying to get everything ready. Out of the corner of your eye, you see an email come in asking you to pay your latest invoice. You quickly glance at the text, then click on the link that takes you to a payment portal. You enter your details, confirm the payment, and carry on getting ready for your clients.
What you’ve just done is a normal part of running a business. But it could also result in a huge financial loss for your organisation. Why? Because that email may have been a phishing attempt.
Why is phishing so common?
According to the Australian Cyber Security Centre, phishing is one of the most common types of cyber attack reported in the country today. Why is it so common? Because it’s incredibly simple, and for cybercriminals, it can also be highly effective. That’s because many people don’t know what a phishing attempt looks like. This makes them more likely to fall victim to an online attack.
So… what does a phishing attack look like?
That’s the problem – there’s no ‘standard’. Each phishing attack is different, making it difficult to tell when a communication is legitimate, or when it’s part of a cleverly devised scheme to steal data.
Examining different types of phishing attacks
While there are lots of different phishing schemes, there are a few common themes. For example, a person might receive an email telling them that a package could not be delivered. The email might include a link to arrange for a redelivery, and ask the recipient to enter card details to pay a fee.
In the aftermath of the pandemic, there have also been a number of schemes related to COVID-19. For example, an email or text message might inform the recipient that they have been in contact with someone who has tested positive, and ask for personal details so that a free test kit can be sent.
In the business world, a company owner or employee may be sent an email regarding…
- Upcoming account deactivation, asking for payment details to be confirmed to maintain access
- Potential credit card fraud, asking for new card details following a supplier’s data breach
- Unusual activity, asking recipients to log in and check their account via a malicious link
- Payments for goods/services, asking recipients to pay an invoice via a fake payment portal
A phishing attempt can often look indistinguishable from the real thing. However, there are a few telltale signs that suggest an email or text message is worth a second look. Always ask yourself…
- Is there a sense of urgency?
- Is action required?
- Is it impersonal?
If the answer to all three questions is ‘yes’, think before you act.
Protecting your employees, and your business
The best way to protect yourself from a phishing attack is to know what phishing communications can look like. Learn to recognise the signs of potential cybercrime, and ensure all your employees are behaving responsibly online. At Perigon One, that’s exactly what we’re here to help with. Get in touch with us to find out more about building stronger processes to minimise your cyber risk.