From ransomware to SolarWinds, the cyber-security space has been as challenging as ever over the past months. However, for all of the emerging threats on the horizon, phishing (one of the oldest pain points in cyber-security) continues to wreak havoc for enterprises around the world.

‍

It’s often overlooked in terms of media hype, but phishing has been a mainstay in the cyber-security threat landscape for decades. In fact, 43 percent of cyber-attacks in 2020 featured phishing, while 74 percent of US organisations experienced a successful phishing attack last year alone. And globally, cyber-criminals exploited public fears over the COVID-19 pandemic to find new phishing victims

‍

Phishing remains one of the most serious risks to an organisation’s cyber security health, but with proper anti-phishing hygiene and best practices in place, you can shore up your defenses. Here are three simple tips to help you deal with phishing threats…

‍

1. Know how to spot the red flags

Phishing scammers are masters of making their content and interactions appealing. From content design to language, it can be difficult to discern whether content is genuine or a potential threat, which is why it’s crucial to look for the red flags.

‍

Unusual formatting, overly explicit call-outs to click on a hyperlink or open an attachment, and subject lines that create a sense of urgency are all warning signs. Emails with these hallmarks should be treated with caution. And if you suspect a phishing attempt, contact your IT department immediately.

‍

2. Verify the source‍

Cyber criminals may impersonate someone you already know – such as a colleague, service provider or friend – as a way to trick you into believing that their malicious content is trustworthy. Don’t fall for it

‍

If an email is out of place, or unusual, reach out directly to the sender to confirm whether the content is authentic and safe. If not, break off communication immediately and flag the incident through the proper channels at your workplace.

‍

3. Be aware of vishing and other types of phishing

Threat actors have diversified their phishing efforts beyond traditional email. For example, voice phishing – or vishing – has become a primary alternative for scammers looking to gather sensitive information from unsuspecting individuals.

‍

Similar to conventional phishing, vishing is typically executed by individuals posing as legitimate contacts – like healthcare providers or insurers – and asking for sensitive data. It’s imperative for individuals to be wary of any sort of communication that asks for personal information (via email, phone or chat),especially if the communication is unexpected. If anything seems suspicious, break off the interaction immediately and contact the company directly to confirm the authenticity of the communication.

‍

Phishing may be “one of the oldest tricks in the book”, but it is still incredibly effective and increasingly widespread. By exercising caution and vigilance, and by deploying these few fundamentals, you can reduce your chances of falling victim to a phishing attack.

‍

‍This article has been adapted from Cyber Security Awareness Month resources supplied by the event organisers, and is published here with permission. First Technology Group is proud to be a 2021 Cyber Security Awareness Month Champion Organisation. References include:

-       The 2021 Data Breach Investigations Report from Verizon

-       The 2021 State of the Phish Report from Proofpoint

‍

Our Cyber SoC leverages state-of-the-art Microsoft Security technology (including Azure Sentinel) to continuously monitor connected environments.

With cloud-powered data processing, cyber-threats are detected, analysed, and managed in near real-time to provide comprehensive, end-to-end protection.

Get end-to-end protection for your organisation.

‍