What is phishing?
Phishing is a malicious and deceitful practice of sending emails to reputable businesses in an attempt to coerce individuals into revealing sensitive personal and business information. This can include logins, passwords, and financial information like credit card numbers. Phishing can result in a multilayered attack because the information gained from phishing can be used to target other individuals in a company. There are several types of phishing and educating employees on each one is critical to prevent future attacks.
Some of the specific types of phishing include:
● Spear Phishing: Spear phishing is a sophisticated type of phishing in which specific types of individuals in an organization are targeted. It is more tailored than a generic phishing attack because it might include specific information like an individual’s name or position within a company. Spear phishing can come in the form of emails with attachments, instant messages and via social media. This is more costly than an average phishing attack because if it is successful the hacker can gain access to executive-level information on a company
● Whale Phishing: Whale phishing is a form of phishing aimed at wealthy and powerful individuals. The victim is referred to as a “whale” because the reward of a successful attack for the hackers is enormous. This type of phishing uses the same methods as spear phishing, but it’s more tailored towards a specific individual. Prior research on the individual is done before a whale phishing attempt. An example that recently happened is the phone hacking of Jeff Bezos, the CEO of Amazon.
● Clone Phishing: Clone phishing is one of the most advanced forms of phishing. It’s a phishing attack where a previous real email is cloned and has its contents (like attachments) replaced with malicious content. The cloned email might claim to be a resend, but it’s not; the email address is spoofed and looks like the same address as the original sender.
Consequences of a successful phishing attack:
Immediate monetary costs: For a small to medium sized business, the cost related to phishing attacks could be substantial, upwards of millions of dollars in some cases. This cost alone could shut down any small to medium sized business.
Brand damage: Brand damage is one of the most immediate consequences of a phishing attack. The loss of clients due to phishing is compounded by the prevention of future clients for your business. Phishing will definitely attract bad publicity to your business; this will likely include negative press across the board on all platforms.
Intellectual property loss: Intellectual property loss can be the most damaging of the consequences associated with phishing. Vital components to your business, such as research, leads, patents, copyrights and trade secrets are all part of intellectual property. If your business loses this kind of sensitive information, it could significantly impact operations, and even result in closing the business permanently.
If you’d like to learn more about phishing, click here to talk to an expert.