Phishing is a serious issue with a frivolous name.
According to the UK Government 83% of successful cyber attacks on businesses in 2021 came from phishing attacks. It's impossible to ignore as a major threat to your business.
But as we'll find out in this module, phishing isn't just one thing. It's an umbrella term that covers a wide range of different types of socially-engineered cyber attacks focused on the user, rather than the device.
In this article, we'll break down some of the most common phishing methods and how they work, and look at what can be done to prevent your business from becoming a victim.
As mentioned above, phishing is an umbrella term referring to a whole range of different attack methods.
Thankfully AJ has put together this excellent video to run you through some of the most common types.
This includes:
Use the chapter markers in the progress bar of the video to jump straight to the section on each attack type.
In addition to these more general attack types there is a range of very specific and targeted attack types, usually referred to as Spear Phishing. This is because the attack is tailored to a specific individual, usually someone with high level IT access or sign off on company funds. Spear phishers often use data gathered from laying dormant and undetected after a previous successful attack on your network, email inbox or another person's inbox with whom the victim frequently communicates.
There are a few key elements that make phishing attacks tricky to detect for traditional antivirus programs:
When your cyber security software is only checking for suspicious email addresses, IP addresses, links and known attack methods, or specific phrases common to known phishing attacks, it can be difficult to spot these more tailored attacks.
Which is why a new breed of solutions has emerged. Modern anti-phishing solutions are directly connected to your inbox in order to protect you from inbound threats, outbound theats, and threats that are already in your inbox.
This new breed of solution uses artificial intelligence to create a model based on how you use your emails, who you send to and when, even the type of language you use. This model is then used to spot anomalies potentially inserted
These modern AI-powered anti-phishing services, when applied alongside traditional antiviruses (which will still protect you against a wide range of attack methods), will greatly improve your ability to protect your business against phishing attacks.
Security Awareness Training bolsters your resistance to common phishing attacks.