Phishing is a form of fraud used by cyber criminals.
They will attempt to extort money or sensitive information from unsuspecting members of the public or from companies by masquerading as a trusted or reputable person or organisation, through email or some other form of communication.
Typically, the emails contain either links or attachments which, when clicked on, take the user to a fake website where they are invited to share information such as log-in credentials or bank account details.
An IBM report has indicated that a phishing attack costs a company on average US $3.86 million, rising to US $7.9 million in the case of the US. There have been instances where the economic damage caused has run into billions of dollars. The cost is not just financial. Companies have also suffered severe reputational damage because they have been perceived as the source of phishing attacks.
One industry that has become increasingly susceptible is the online casino market, which, in 2021, is expected to pass the US $1 trillion mark. Operators, such as those in the South African online casino industry, have all had to beef up their cyber security measures in order to stay one step ahead of the fraudsters.
And whilst the amounts extracted from individuals may not be as large, the impact of a phishing attack on them is arguably much greater. Some have literally had their life savings stolen by the unscrupulous and have been left destitute.
In the early days, many phishing attacks were easy to detect. They were often poorly presented and contained spelling or grammatical mistakes that clearly marked them out as fake.
However, the cyber criminals are becoming more sophisticated, especially those operating in gangs, and are adapting the techniques of professional marketeers to make their messages more credible.
For example, they will use publicly available information from social network sites like Facebook, LinkedIn, and Twitter to discover personal data, email addresses and job titles. They will also employ the services of web designers to make fake websites virtually indistinguishable from the real thing.
It means that the gullible are no longer the only ones likely to fall victim to a phishing attack.
Clues that an email may be fraudulent – apart from spelling and grammar mistakes – include:
- The use of suspicious URLs;
- The email is sent from Gmail or another public email address rather than from a corporate email account;
- The message includes a request to either verify or provide personal information – most commonly financial details or passwords;
- The communication conveys a sense of urgency and the need to act immediately.
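As an added illustration of the clues listed above (this is example code, not part of the original article), the following Python script parses one email with the standard library and reports which of those signs it shows: a public webmail sender, links whose visible text names a different host than the one they point at or that point at a bare IP address, a request to verify account details, and urgency wording. The provider list, phrase patterns and the sample message are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

PUBLIC_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}  # free webmail senders
URGENCY = re.compile(r"\b(immediately|within 24 hours|urgent|suspended|act now)\b", re.I)
CREDENTIAL_REQUEST = re.compile(r"\b(verify|confirm|update|provide)\b.{0,40}\b(password|account|card|bank)\b", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def suspicious_urls(html):
    """Links whose host is a bare IP address, or whose visible text names a different host."""
    hits = []
    for href, text in ANCHOR.findall(html):
        host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"https?://([^/\s<]+)", text)  # host the reader sees in the link text
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            hits.append(f"link to bare IP address: {href}")
        elif shown and shown.group(1).lower() != host:
            hits.append(f"link text shows {shown.group(1)} but points at {host}")
    return hits

def find_clues(raw_message):
    """Return the clues from the list above that a single-part RFC 5322 message exhibits."""
    msg = message_from_string(raw_message)
    clues = []
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain in PUBLIC_MAIL_DOMAINS:
        clues.append(f"sender uses public mail domain {domain}")
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    clues.extend(suspicious_urls(body))
    text = msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", body)  # strip HTML tags
    if CREDENTIAL_REQUEST.search(text):
        clues.append("asks the recipient to verify or provide account details")
    if URGENCY.search(text):
        clues.append("conveys urgency")
    return clues

# Constructed sample message, not a real phishing email; every address and host is fictitious.
SAMPLE = """\
From: Acme Bank Security <acme.bank.security@gmail.com>
Subject: Your account will be suspended
Content-Type: text/html; charset="utf-8"

<p>We detected unusual activity. You must verify your password within 24 hours
or your account will be suspended.</p>
<p><a href="http://203.0.113.10/login">https://www.acmebank.example/login</a></p>
<p><a href="http://acmebank-secure.example.net/verify">https://www.acmebank.example/verify</a></p>
"""
```

Running `find_clues(SAMPLE)` returns all five clues for the constructed message; such heuristics are a screening aid for a mail gateway or a training exercise, not a substitute for the vigilance the article recommends.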
There are various ways to combat phishing, the most important of which is to maintain vigilance. Never click on any link which requests you to provide personal information online, even if it is from an apparently trusted source. Reputable institutions like banks will never send out such requests, so the receipt of one should be an immediate red flag.
Make sure that antivirus software is up to date, that you have installed the latest versions, and that phishing and spam filters are in place.
In addition, corporate entities should use email authentication protocols so that inbound emails can be verified. For example, DomainKeys Identified Mail (DKIM) enables receiving systems to block any email which has not been cryptographically signed by the sender's domain.
Above all, remain vigilant. If you receive an email which looks suspicious, do not open it, or click on the link or attachment. Try to confirm its authenticity by other means – for example, contacting the alleged sender by phone and asking them to provide verifiable confirmation of their identity.