Let’s take a few minutes to break down the very real and harmful effects of a phishing attack against one of your clients’ employees.
First, a quick review. What is phishing? According to Wikipedia, phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
Did you know that, by commonly cited industry estimates, more than 90% of data breaches worldwide over the last 10 years were caused in part by, or started with, a successful phishing campaign?
Even well-trained people will sometimes fall for a sophisticated phish, so human error has to be assumed rather than designed out. It’s still important to help your clients educate their employees about the kinds of emails that may be signs of phishing. Relatable scenarios help, as does reminding them to treat email the way they treat physical mail delivered to a mailstop or mailbox: the return address written on an envelope proves nothing about who actually sent it, and the From line of an email is just as easy to forge. Mail gateways can check SPF, DKIM and DMARC on the sending domain, but a lookalike domain or a convincing display name passes those checks, so the reader still has to be sceptical. Don’t let the delivery method cloud judgement.
Beyond the bulk, untargeted campaign, there are three main variants:
- Spear phishing: targeted at a specific person or small group, usually using details gathered about them first
- Whaling: spear phishing aimed at executive leadership (the “big fish”)
- Vishing: voice phishing, carried out over the phone
All of these rely on the same levers to push the victim into acting before thinking:
- Fear
- Intimidation
- Urgency
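The header and lure checks described above can be automated as a first-pass triage. The script below is an added example, not code from the original post or from Autotask/Datto: it parses a raw message with Python’s standard library, compares the From domain against Reply-To and the envelope sender, reads the SPF/DKIM/DMARC verdicts from the Authentication-Results header, and flags urgency wording. The two sample messages are constructed for the example, and the urgency word list is an assumption you would tune for your own clients. One caveat a practitioner should keep in mind: an Authentication-Results header is only trustworthy if your own gateway added it, so strip any copies that arrive from outside before running a check like this.

```python
"""Triage a raw email for common phishing indicators (added example)."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample: display name claims the CEO, but Reply-To and the
# envelope sender point elsewhere, DMARC failed, and the text leans on urgency.
SAMPLE_PHISH = """\
Return-Path: <bounce@mail-example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mail-example.net; dkim=none; dmarc=fail header.from=example.com
From: "Pat Jones, CEO" <pat.jones@example.com>
Reply-To: pat.jones.ceo@gmail-example.com
To: accounts@example.com
Subject: URGENT: wire transfer needed before 5pm
Content-Type: text/plain

I need you to process a wire immediately. Do not discuss with anyone.
"""

# Constructed sample of an ordinary internal message for comparison.
SAMPLE_CLEAN = """\
Return-Path: <pat.jones@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Pat Jones" <pat.jones@example.com>
To: accounts@example.com
Subject: Lunch
Content-Type: text/plain

Lunch at noon?
"""

# Assumed starting list of urgency cues; tune for the client's environment.
URGENCY_WORDS = (
    "urgent", "immediately", "within 24 hours",
    "account will be suspended", "verify your password",
)


def domain_of(addr: str) -> str:
    """Return the lowercase domain of a header address, or '' if none."""
    _, email_addr = parseaddr(str(addr or ""))
    return email_addr.rpartition("@")[2].lower()


def phishing_indicators(raw: str) -> list[str]:
    """Return human-readable indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings: list[str] = []

    from_domain = domain_of(msg.get("From", ""))
    reply_domain = domain_of(msg.get("Reply-To", ""))
    envelope_domain = domain_of(msg.get("Return-Path", ""))

    # A Reply-To that points away from the visible sender is the classic
    # setup for hijacking the conversation once the victim answers.
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to domain {reply_domain} differs from From domain {from_domain}")

    # SPF checks the envelope sender, not the From header the user sees.
    if envelope_domain and envelope_domain != from_domain:
        findings.append(f"envelope sender domain {envelope_domain} differs from From domain {from_domain}")

    # Verdicts written by the receiving gateway; anything but 'pass' is noted.
    auth = str(msg.get("Authentication-Results", ""))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            findings.append(f"{mech}={result}")

    # Urgency lure in subject or plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    body_text = body.get_content() if body is not None else ""
    text = (str(msg.get("Subject", "")) + "\n" + body_text).lower()
    for word in URGENCY_WORDS:
        if word in text:
            findings.append(f"urgency cue: {word!r}")
    return findings


if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        print(label, phishing_indicators(sample))
```

None of these checks proves a message is malicious on its own; a mailing list or a legitimate third-party sender will trip the envelope-domain check, so treat the output as a reason to look closer, not as a verdict.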
A good reminder to pass along to all your clients and their employees: if it looks “phishy,” it probably is. When an email asks for money, credentials or a change to payment details, confirm the request through a channel the email did not supply, such as a phone number you already have on file, before acting. While education is an important step in protecting businesses’ data from unwanted visitors, it’s not the only step.
Bonus: See our eBook -- 6 Ways to Shield Your Clients from Ransomware to learn how to protect your business and your clients.
Tim Shannon is manager, information security at Autotask -- now part of Datto. Read more Autotask blogs here.