What is Phishing?
Phishing is a lot like fishing (hence the play on words). Both involve a target, equipment, bait, patience and a plan… blah, blah blah. Boring, right?
Reading a LinkedIn article liked by my colleague Tori last week gave me a flashback to fishing with my dad when I was a kid, which gave me an epiphany of why so many businesses fail to see, even accept, the dangers of phishing.
It’s Not Just Me!
Going fishing with my dad was always an adventure, but that’s not because we were great at catching fish. The adventure was watching dad try so hard to give us kids a fun time, but often with disastrous results. Dad had all the enthusiasm, but not the patience or mindset to be a good fisherman. One memory really stands out and, with the help of time, now makes me laugh.
Dad had taken us three kids to a jetty to fish. We weren’t so good at baiting our hooks or prepping our lines and, before long, we’d lost a rod and most of our bait ‘overboard’. Hours later we hadn’t caught a single thing. Dad was already struggling to keep his emotions in check when we discovered one of us had inadvertently kicked his brand new, prized, wooden-sheathed fish knife through the jetty planking… It was all too much for dad. We packed up, and no-one said a word all the way back to camp.
Unless you like fishing, time spent in planning, sleep lost to early starts and money spent on equipment and licensing – not to mention the smell – are not worth the effort. “It’s just not me!”
Unfortunately, it seems many SME’s feel the same about email security and phishing attacks.
So much effort, time and expense required to block a stinking scam! The LinkedIn article I read gave good suggestions on blocking phishing attacks, but it’s only got five ‘likes’ so far – and four are from people in the IT industry! So, why should you care?
Objective: Pleasure, food.
Where: Lakes, rivers, oceans.
Skills required: Patience, knowledge (when/ where to fish, what lures to use, fish habits.
Equipment/ Tools: Fishing rods, reels, nets, boat.
Bait: Lures, live bait attractive to fish.
Favourable conditions: When fish are most active: dusk, down. The right bait.
Objective: Deceive for $$-profit.
Where: Email accounts, anywhere in the world.
Skills required: Patience, knowledge (business habits, connections/relationships, names and titles).
Equipment/ Tools: Any device with Internet capability (smartphone, laptop, computer, etc). Social media and professional networks. Business websites.
Bait: Email and trusted connections (brands, organisations, people).
Favourable conditions: Business apathy, employees who are unaware or don’t care, standard operating procedures (accounts payable, management requests, etc) and busy operational periods (holidays, payment cycles).
With phishing, anyone in your company with an email address is a target – especially your Accounts team. Hackers send emails that, at quick glance, seem to be from a well-known or trusted organisation, business partner or person, or from someone within your own management team – even you!
Phishing emails trick your employees into giving away sensitive information (names, addresses, credit card details or passwords), make money transfers (supposedly requested by you, or someone on your management team), or change legitimate vendor/supplier account details to a hacker’s account.
Because of the deceptive nature of phishing scams, especially when account details are swapped, multiple large payments can be made before Accounts even realise your money is gone!
Ask Us For Help
If you’re not confident your employees have the knowledge – or focus – to combat phishing attacks, or you haven’t yet enhanced your email security to deal with how sophisticated phishing attacks have become, get itro to help your team.
PS – If you still think ‘phishing’ is a gimmick, you really need help – now!
One of my dad’s biggest problems taking us kids fishing was mum’s lack of interest in coming with us. If only he’d organised one of his mates who was good at fishing come with us, to be his backup and support. It would have made a world of difference, to us, and the outcome!
Every day itro engineers are working on recognising, blocking and defeating malicious attacks on our clients’ email security and networks. They see the range and reach of hackers, and phishing scams. They’re frustrated when a client who has declined our help rings up, after they’ve been scammed or robbed, demanding action. Just like my childhood fishing experiences, no one is laughing after a phishing attack!!
Post attack your options are few, and your odds aren’t good! For example, we recommend you never pay a ransom demand: you’re dealing with criminals, not people of integrity. And once your money is transferred… it’s gone! It’s an expensive lesson to learn.
Our team would much rather proactively protect your team from attack than the frustration and unknown outcomes of trying to recover your data after an attack!
itro is the team you want on your side. We can give you the help and tools your email and devices need, and the support and encouragement your team needs to accept their contribution to keeping your information safe by proactively recognising phishing attacks.
Any questions you may have, we’re happy to answer without charge.
Protect Me From Phishing
If you haven’t thought seriously about your email security, then you need to act now!
Ring our team on 1800 10 3000 or email firstname.lastname@example.org for your FREE IT assessment and to chat to one of our experts about upgrading your email security, and/ or help your team understand their role in blocking email attacks.