Security Awareness: Phishing

Phishing is the most prominent method of infiltration for cybercriminals, who use it to insert malicious links, viruses and ransomware into an organization. A successful phishing attack can result in loss of company data, compromised credentials and accounts, and financial impact. Educating employees about phishing helps improve the company’s security posture.

Identifying a Phishing Attack

Many phishing attacks include a generic message, but some attacks may include personalized information in an attempt to appear legitimate (known as spearphishing). The attacker may attempt to mimic legitimate websites and convince users to click a malicious link or download an attachment, taking advantage of people’s trust or lack of awareness.

In phishing scams, attackers often impersonate high-profile brands and organizations such as delivery companies, financial institutions, healthcare systems and government agencies.
Always check the legitimacy of the sender.

  • Does the sender’s email address look correct?
  • Is the message generic?
  • Are there grammatical errors?
  • Are you being pressured to take action immediately?

Consider hovering over any link within the email to see if the link address looks legitimate.

In 2023, phishing emails totaled 1.76 billion, the highest number on record. This represents a 51% increase from 2022.

Source: Vade, Phishers’ Favorites: 2023 Year-in-Review, https://www.vadesecure.com/en/phishers-favorites-2023-ebook
