Phishing attacks happen frequently and pose great dangers
Phishing attacks have increased a lot in recent years and they happen very frequently. The reason is that they are very effective and efficient for cybercriminals and, most importantly, very profitable for them. Many users and organisations have fallen victim to phishing attacks, whereby their personally identifiable information, credentials and sensitive data have been stolen, resulting in identity theft, loss of money, loss of reputation, loss of intellectual property, as well as disruption of normal daily operations. Together, these pose great dangers to both users and organisations, and more often than not cause irreversible damage.
Understand what phishing attacks are to protect ourselves
A phishing attack is the act of committing fraudulent actions in an attempt to “fish” sensitive data out of victims. Cybercriminals do so by impersonating renowned brands or entities to trick victims into providing their sensitive data. Our article here provides more info to help you understand what phishing attacks are, so that you are better informed about them and more prepared when facing them.
Notable Phishing Attacks in Real Life
It is important to equip ourselves with knowledge about phishing attacks, because statistics show that phishing attacks are increasing every year, showing no signs of slowing down. Over the years, many companies, including high-profile ones, have fallen victim to phishing attacks. Some of the most notable examples are listed below:
- Austrian aerospace parts maker FACC was hit by a whaling attack in 2016, costing the company a whopping $56 million. The perpetrator impersonated the CEO at the time, Walter Stephan, and sent an email to an employee of the finance department requesting an immediate funds transfer.
- American network technology company Ubiquiti Network was hit by a spear phishing attack in 2015, costing it $46.7 million in transferred funds. The attack was carried out by impersonating high-ranking executives with spoofed email addresses and look-alike domains.
- Even US giants Google and Facebook are not invulnerable to phishing attacks. Between 2013 and 2015, they were reportedly scammed out of $100 million in an elaborate wire fraud scheme. Over the 2 years, the attacker sent phishing emails with forged invoices requesting payment to fake bank accounts.
- Apple, the most valuable company in the world, is also a victim of smishing. The company's brand was used in a fake Apple chatbox, whereby users were told they had a chance to join a testing program for iPhone 12. Users were asked to pay a delivery charge and were redirected to a malicious website which stole payment card details.
- A popular cybersecurity company, RSA, was also a victim of a phishing attack via email. The email carried a virus-infected Excel file as an attachment, which was opened by an unsuspecting employee of the company. This led to a sophisticated attack on the company’s information systems.
Phishing attacks prevention
As seen above, phishing attacks can have serious consequences and cause huge losses to companies and users alike. It is important to know how to prevent phishing attacks. The actions below can help to increase your success in preventing them.
1. Educate your team to identify phishing scams and techniques
The Internet is always changing, and so are phishing attack methods. However, most of them still share some common warning signs that can be identified with proper knowledge and experience, gained through regular security awareness training with your team. With this, you are more likely to avoid a potential attack.
2. Don’t click on suspicious links
Some links look suspicious, and with some practice they can be easy to spot. It is generally advisable not to click any links in emails or instant messages. However, should there really be a need to do so, the bare minimum is to hover over the link to see if the destination is correct. The reason is that some destination URLs can look nearly identical to a genuine site's, and are set up to phish sensitive data and login/credit card information from whoever clicks the link. It is always recommended to go straight to the genuine site through a search engine, rather than clicking a link.
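An added example, not part of the original article: a short Python script that automates the hover check described above for an HTML email body. It compares the text a link displays with the host it really points to and flags hosts within two character edits of a trusted domain. The allowlist `TRUSTED`, the sample message and all function names are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("mybank.example",)  # assumption: the domains you really deal with
SAMPLE = """<a href="https://www.mybank.example/account">https://www.mybank.example/account</a>
<a href="https://www.mybamk.example/login">www.mybank.example/login</a>
<a href="https://rnybank.example/reset">Reset your password</a>"""  # constructed e-mail body

def host_of(url):  # lower-cased hostname of a URL-like string, '' if none
    try:
        return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()
    except ValueError:
        return ""

def edit_distance(a, b):  # Levenshtein distance between two domain names
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def check_links(html, trusted=TRUSTED):  # (href, reasons) per link; [] = not flagged
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        dest, text, reasons = host_of(href), text.strip(), []
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != dest:  # what the reader sees vs. where the click goes
            reasons.append(f"text shows {shown} but link goes to {dest}")
        base = ".".join(dest.split(".")[-2:])  # naive registrable domain (no co.uk handling)
        reasons += [f"look-alike of {t}" for t in trusted if 0 < edit_distance(base, t) <= 2]
        findings.append((href, reasons))
    return findings
```

Calling `check_links(SAMPLE)` leaves the first link unflagged and reports the other two; a production check would use a public-suffix list instead of the two-label shortcut.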
3. Use free anti-phishing add-ons
Most Internet browsers now come with the option to download and install free anti-phishing add-ons. When these extremely useful add-ons are used, they provide instant checks on the URLs that a user is visiting, by comparing them to lists of known phishing sites. The add-ons will alert the user if he/she comes across any known malicious sites.
4. Check the security status of a website
Make sure to look for the “https” in a website URL, as well as a closed padlock icon near the address bar whenever visiting a website. These indicators are the signs of a secured website, and you are safer when submitting any sort of information on it. If you come across any suspicious websites or are alerted about malicious files, do not open them, to be safe.
5. Monitor and check all your online accounts
You should visit your online accounts on a regular basis, and change the passwords regularly, too. There is a chance that your accounts might have been compromised without you knowing, and the attackers are enjoying unlimited access to your accounts. A habit of changing your passwords will be extremely effective in preventing this.
6. Never skip or delay browser updates
It can be quite a bother to check for updates of your browsers, and we tend to put them off for later. Make sure you don’t do this. Updates are there for a reason, and they are extremely important in fixing any security loopholes that cybercriminals may take advantage of. It is strongly recommended to update immediately whenever new updates are available to ward off the risks of phishing attacks.
7. Set up firewalls
Firewalls are extremely effective in preventing hackers and phishers from intruding into your system. They act as a shield against cybercriminals, because they need to be broken through before any cyberattacks, including phishing attacks, can be launched effectively. The best case scenario is to apply both desktop firewalls and network firewalls, which together strengthen security against phishers.
8. Be extra careful when it comes to pop-ups
Pop-up windows are commonly used by phishers attempting to launch phishing attacks. They often contain links to malware or malicious websites. You are recommended to install free ad/pop-up blockers to reduce such risks. Occasionally, some pop-ups might slip through and it is generally advisable to close them. Some will deceive you with a cancel button for you to click, but don’t fall for it. Find and click the “x” in the corner of the pop-up instead.
9. Think twice or even thrice when submitting sensitive info
Always remember not to submit your sensitive data when using the Internet, unless you are 100% sure of the safety of the website. When in doubt, visit the main website of the company and ask for clarification. It might be a hassle, but it is worth the effort to be better safe than sorry. Never submit sensitive info on websites you are suspicious of.
10. Implement a complete and powerful web security solution
The cybersecurity industry has evolved by leaps and bounds and there are many great cybersecurity solutions out there now. These solutions provide comprehensive cyber protection, and they can help to drastically reduce the risks of cybersecurity incidents, including phishing attacks.
One such solution is our Sectigo Web cybersecurity solution. This all-in-one and comprehensive web security service includes many powerful cybersecurity functions, including:
- Web Detect
- Web Patch
- Web Clean
- Web Backup & Restore
- Web Accelerate
- Web Firewall
- Web Comply
These functions ensure that your system is protected at all times, while giving cybercriminals a hard time launching any effective cyberattacks on you, including phishing attacks. Why so? That’s because Sectigo Web works 24/7/365 to help you monitor and check for cybersecurity vulnerabilities, giving cybercriminals little to no time to launch attacks. Start your web security service selling journey with WebNIC now to help combat the plague of the digital landscape, phishing attacks!
WebNIC operates a digital reseller platform covering primarily domain name registration for over 800 TLDs, web security services, email and cloud services. With offices in Singapore, Kuala Lumpur, Beijing, Taipei and Jakarta, we serve 5,000 active resellers in over 70 countries. With over 20 years’ experience, we accelerate our partner’s growth through a robust platform, attentive support and wholesale pricing. To join us and become a reseller, live chat with us or email us at [email protected].