Can You Spot a Phishing Attack?

Taylor Karl / Thursday, October 22, 2020 / Categories: General, Resources, Training Trends, CyberSecurity

Depending upon whose surveys you consult, you’ll find that 83% of cybersecurity attacks involve phishing and ransomware. The stats don’t stop there:

- Two-thirds of companies have experienced a phishing attack.
- 97% of users tested could not identify a sophisticated phishing email, and only 3% actually report one when they do detect it.
- 56% of decision-makers believe phishing attacks are their top security threat.
- A single phishing attack costs $1.6 million on average.

What is Social Engineering?

The lexicon of cybersecurity includes terms like Distributed Denial of Service (DDoS), data injection, spoofing, masking, firewall, malware, encryption, and many others. All of these are involved in digital attacks. But phishing is not a digital attack. This category of attack is called “social engineering,” and it simply means finding ways to convince users to click on a link, open an attachment, or take some other action that allows the bad actor to enter their network and cause mayhem.

The attack begins with the arrival of a phishing email in the user’s inbox. When opened, it usually looks like it came from a familiar brand: perhaps the user’s bank, a retail company, or a known associate. The logos, typography, color palette and more all look genuine, but they’re not. Look more carefully at the sender’s email address and you might catch Co1umbia or even C01umbia instead of Columbia.com. Character substitutions, misspellings, and other tricks are used to render a domain name that looks authentic.

The email usually offers a great reward if you click on a link and follow instructions, or open an attachment and respond to it. Often there are no instructions or forms to fill out. Instead, clicking the link or opening the attachment triggers an invasion by the actual sender, who steals, encrypts, or otherwise corrupts your data. Soon another email arrives inviting you to get your data back by paying a ransom. Recently, ransom requests have actually been lowered to increase the likelihood that the victim will pay.

Is That What Makes the User Such a Threat?

Exactly. The attacker is depending upon the user to be deceived. This really cannot be considered the “fault” of the end user. They don’t purposely do anything wrong.

The good news is that anyone can learn to spot suspicious threats. All users must be trained and constantly reminded to carefully inspect incoming emails to detect possible phishing frauds. The attackers are constantly becoming more sophisticated, so this training must constantly be updated.

Learn to Spot Threats to Stop Attacks

Preventative actions can stop the majority of attacks happening in the threat landscape today. Training in the identification of phishing messages has proven to be very effective in dramatically reducing ransomware activity. More and more users are becoming attuned to spotting suspicious emails almost immediately and taking proper action.

Get your team the knowledge they need to spot and stop attacks.