In 2019, attackers are phishing targets to retrieve sensitive information that ultimately leads to data compromise. Phishing is the technique where a malicious actor lures a victim into revealing sensitive information. This can be through large “spray-and-pray” campaigns involving multiple recipients, or through a more targeted approach in which attacks are crafted for specific individuals, known as spear phishing. Phishing has been around since the early days of the Internet and is one of the oldest vectors of attack.
Some key facts about phishing:
- 9.2 million suspicious emails were sent in 2019
- 68% of phishing websites use the HTTPS protocol
- Phishing is the biggest cause of security breaches (Are we even surprised?)
- Smaller organisations receive higher rates of phishing emails than larger companies.
Security awareness is a key way to address this issue. This is nothing new, but as an industry we’re still not doing enough to help educate our colleagues, families, and friends. An organisation could confidently say it has reached peak maturity when every employee is performing the duties of a security guard: identifying when something isn’t right and reporting it. Achieving this is a journey that requires constant training and awareness.
Here are the top 5 tips to avoid getting phished:
- NEVER click on something you’re unsure about or were not expecting.
- NEVER submit credentials after following a link in an email - always go directly to the site.
- If you have mistakenly submitted credentials or clicked on something that doesn’t look right, RESET your password and REPORT it.
- Use Multi-Factor Authentication (MFA) - there’s really no excuse for not using it in 2020.
At Privasec, we can help identify your current exposure level through phishing exercises, or even conduct complete red team engagements to find vulnerabilities so you can remediate and work towards securing your assets.