Phishing is a term that gets thrown around a lot in conversations about cybersecurity. But what is phishing? In this blog, we will cover what phishing REALLY is, how to recognize it, and how you can protect yourself or your company and stay resilient against phishing attacks.
What is phishing?
Phishing is defined as ‘an attempt by cybercriminals posing as legitimate institutions, usually via email or text message, to obtain sensitive information from targeted individuals.’ Phishing attempts can appear to come from anywhere. However, they are generally designed to appear to come from a trusted source: your bank, your boss, or even your credit card company. One of the big problems with these types of attacks is that they are easy to run on a mass scale. Cybercriminals can send emails or texts to thousands of people every minute. If these attacks are successful, hackers will have access to your accounts and information. According to IC3, 241,342 victims reported phishing to the FBI in 2020. Additionally, this cost US consumers over $1.8 billion in 2020.
How to recognize phishing
Hackers will try their best to make the messages that they send seem legitimate. Phishing attacks are designed to appear to come from a site that you already use, often one that would already have your credit card or other payment info. According to the FTC, phishing attacks will often tell a story to get you to click a link. These phishing attacks could:
- Claim there’s a problem with your account or your payment information
- Say they’ve noticed some suspicious activity or log-in attempts
- Say you must confirm some personal information
- Include a fake invoice
- Want you to click on a link to make a payment
- Say you’re eligible to register for a government refund
- Offer a coupon for free stuff
[Image: example of a phishing email]
[Image: example of a phishing text]
Generally, if there is a situation where a company needs you to update something internally, they will send out messages inside the app or website itself, not over email.
How to prevent phishing
I recently sat down with Aspis CEO and Founder, Jeff Wagner, to hear what he has to say about resisting phishing attacks. Jeff told me, “The weakest link in any organization’s cybersecurity program is its people. Employees, vendors, and partners who access company systems can be a solid first line of defense when properly trained to identify and report possible phishing.” Jeff brings up a great point here. An often-overlooked aspect of cybersecurity, especially when it comes to phishing, is training your staff. You could have the most up-to-date cyber software, but if James in accounting clicks a bad link, all that fancy software is pointless.
Here at Aspis, we offer several preventative resources to help you stay resilient against phishing attacks. We offer Dark Web Monitoring, which scans the dark web for any compromised credentials or personal information. Also, we are an authorized reseller of KnowBe4, which provides security awareness training for employees. Finally, we can provide general consulting and a managed security awareness program.
Who is Aspis Consulting?
Aspis is an IT professional services firm headquartered in Kansas City, Missouri specializing in cybersecurity and management consulting. Aspis strives to make enterprise cybersecurity solutions and professional services accessible to all sizes of organizations from small to medium-sized businesses to large Fortune 500 enterprises; non-profits; and municipal, state, and federal government agencies. Our values are Integrity, Community, and Diversity.
Aspis’ vision is to democratize cybersecurity. This means that through our mission we strive to make enterprise cybersecurity solutions, IT professional services, and administrative and management consulting services accessible to all sizes of organizations from small and medium-sized businesses to large Fortune 500 enterprises; non-profits; and to local, state, and federal government agencies. We right-size our enterprise products and services for the SMB market so they are affordable.
With the additional locations of Duluth, Minnesota, and Washington, DC, Aspis has grown to become a national brand and has helped businesses of all sizes with their cybersecurity needs. Our team offers a full suite of services including cybersecurity management consulting; compliance assessments; security awareness training; and dark web monitoring to both our commercial and government clients. Our organization has been featured in publications including Forbes, IBM, and the US Chamber of Commerce. Additionally, Aspis is a Certified HUBZone Small Business, Certified LGBTBE, and Certified Virginia Values Veterans company. https://aspis.consulting
Worried about your business and Russian cyberattacks? To learn more about how Aspis can help you with your cybersecurity or administrative needs, check out our website. Also, follow us on LinkedIn, Facebook, and Instagram, where we post cybersecurity news, company updates, and need-to-know tips to help you stay up to date.