You are very much aware that your company or organization is at risk, every minute of the day, from cyberattacks, malware, ransomware, and even benign errors that can endanger your data. Even a failed backup procedure could mean a loss of critical company and customer data. In today’s blog, we’re just going to review one of the most common methods that bad actors use to try to gain access to your data: phishing. Phishing isn’t a particular type of malware or virus that attacks your data. Instead, it refers to the tools cybercriminals use to get access to your data. Phishing refers generally to the bag of tricks they use to break into your house.
In phishing attacks, cybercriminals generally send a web link that is disguised to look genuine, and prompt the receiver to share information that will then be misused. For example, an email may be sent to you that looks as though it came from your bank, the CRA, or the IRS, announcing a tax refund that your business is eligible to receive. You may be asked to log into your bank account or a fake government site, and enter your bank details to receive the refund or download a receipt. The cybercriminals will have access to any details you share, and later use them to clear out your bank account.
Phishing links may also lead to clone websites. Clone websites, as the name suggests, are websites that look strikingly similar to the original websites but are not the same, and are controlled by cybercriminals who use them to steal data from unsuspecting victims. Here are a few tips to help you identify clone websites and steer clear of them.
If you receive an email with a link to a familiar website asking you to log into the site or enter your personal information, cross-check the URL. Check the spelling and domain: for example, www.amazon.com is the right URL for Amazon, whereas a clone website may have a URL that looks similar, but is not the same. An example would be www.amaazon.com or www.amazon-offer.com. Another thing you can do is always type the URL you intend to visit. For example, if you are being asked to log into your bank account, type your bank’s website address instead of clicking on the link provided to you in the email.
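The spelling-and-domain check described above can be automated for links arriving by email. The following is an added example, not part of the original post: the `TRUSTED` allow-list and the function names are hypothetical, and taking the last two labels as the domain is a simplification that only suits suffixes like .com. It also flags the brand name appearing as a subdomain label, which goes slightly beyond the two cases in the text.

```python
from urllib.parse import urlsplit

# Assumption: an allow-list of genuine domains maintained by the reader.
TRUSTED = {"amazon.com"}

def registrable(host):
    # Simplification: take the last two labels. This is wrong for suffixes
    # such as .co.uk; real tooling should consult the Public Suffix List.
    return ".".join(host.rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    # Parse the host out of the link; accept links written without a scheme.
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    name = domain.split(".")[0]
    # Split on dots and hyphens so "amazon-offer" yields the token "amazon".
    tokens = host.replace("-", ".").split(".")
    for good in sorted(TRUSTED):
        brand = good.split(".")[0]
        if brand in tokens:
            return f"lookalike: uses the name '{brand}' outside {good}"
        if edit_distance(name, brand) <= 2:
            return f"lookalike: '{domain}' is a near-misspelling of {good}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links; the two lookalikes are the ones from the text.
    for link in ["https://www.amazon.com/signin", "www.amaazon.com",
                 "www.amazon-offer.com", "https://www.example.org/"]:
        print(f"{link:32} {classify(link)}")
```

A result of "unknown" only means the link resembles nothing on the allow-list; it is not a statement that the site is safe.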
Sometimes, phishing attacks can be manual as well. Instead of asking you to enter your personal information in a website or a form, the cybercriminal may pose as someone you know, send you an email from an address that looks authentic, and try to get money or personal information from you. Such attacks usually happen if your network, or that of your recipient, has been compromised in a hacking attack, whereby the cybercriminal has some information that they can use to make their messaging sound genuine.