Phishing Attacks: What They Are And How To Identify Them

Phishing attacks are becoming more sophisticated. How can you reduce the risks? Kiandra guides you through everything you need to know about phishing prevention.

What's a phishing attack?

Phishing attacks are a type of social engineering using websites or email to target individuals and businesses. The goal is to extract personal information by posing as a trustworthy organisation, such as a bank or government entity. Phishing attacks typically take the form of emails that appear to be from legitimate organisations, but phishing can also happen through instant messages or text messages. An example of a phishing attack is an email asking you to update your password. When you click through to the link, you enter your old and new passwords, and the attacker has captured your credentials.
You could end up handing over credit card numbers or other sensitive information. Or you might click on a link and download malware to your computer. This could be ransomware that encrypts your system until you pay a ransom, or it could steal your personal data. For businesses, the outcome could be significant financial losses, reputation damage and loss of market share. A highly targeted form of phishing is spear phishing, which targets specific individuals and organisations by using detailed personal information.

Recent phishing scams in Australia

Australians lost $340 million to scammers in 2017. That is $40 million more than in 2016, and more than in any other year since ASIC began scam reporting. On average, victims are losing $6,500 each.

Recent phishing scams in Australia demonstrate the prevalence of these attacks and how detrimental they can be.
  • Telstra bill scam - This attack used counterfeit bill-notification emails to link to a bogus site where the individual downloads a malicious file designed to steal credentials.
  • ATO penalty notice - This phishing scam used a counterfeit ATO penalty notice to encourage email recipients to open an attachment containing malicious code.
  • GoVia eToll - The GoVia eToll scam email was sent to QLD residents and linked to a site featuring a malicious download.
  • ASIC business renewal - The ASIC business renewal scam asks email recipients to pay for a business name renewal by entering their credit card details.

Overseas attacks like those on Children’s Mercy Hospital (Missouri) and Progressions Behavioral Health Services (Pennsylvania) may have compromised more than 60,000 private health records. Other global attacks continue to use threats of the WannaCry ransomware to convince computer users to pay up.

How to prevent a phishing attack

Phishing attacks are a major security concern for individuals and organisations. Preventative measures should target a range of areas.

Anti-phishing tools

Basic tools like anti-phishing toolbars and antivirus software can help with minimising the risks of these types of attacks.

Education

Ensure employees are educated about phishing scams and practise recommended policies when using email, text messages, and instant chat. Regular security training could be an effective way to do this. Employees should be warned about attachments, links, and suspicious senders. Red flags include invitations to enter personal details and other sensitive data. Ask staff members to call and verify emails before giving over any data.

Verify sites 

Verify sites and emails with a phone call, and double-check that the URL begins with "https". Check that there's a closed lock icon near the address bar and look for the site's security certificate.

Use a filter

Use spam filters to block viruses and blank senders. Install a web filter on all employee workstations so malicious websites are blocked. You can also use add-ons and extensions on browsers to boost security online.

Passwords 

Use strong passwords and ensure staff members follow these guidelines: use two-factor authentication wherever possible, and make sure passwords are changed on a regular basis.

Work with your IT advisers 

Recognise phishing scams as a major threat by prioritising prevention as an IT strategy. Work with your IT advisers to, for example, monitor inbound and outbound communications. Management should track threats with regular reporting from IT experts. 

Patches and updates 

Automate patches and security updates so they're downloaded as soon as they're available.

Encrypt

Encrypt all sensitive information, especially customer information and proprietary company data. Mandate encryption for all employees who work at home or telecommute.

Stay up to date 

Phishing and other malicious attacks are constantly evolving, so it's vital to stay up to date with the latest, most sophisticated phishing techniques. Keep working with your IT advisers to ensure your organisation is well protected against them.

Continuous monitoring

It’s safer to assume phishing scam links will get clicked on at some point as they become more sophisticated. To thwart this it’s vital to have continuous monitoring in place to determine abnormal activity. This will enable you to act quickly and better respond to a potential threat, setting you up to limit any data exposure, loss, and damage. It’s also vital to be prepared and have incident response processes with systems in place so you can quickly identify, contain and neutralise a threat.

This is also an essential part of remaining compliant under the new Notifiable Data Breach legislation in the likely event that a breach occurs.

Significant risk

Phishing scams can pose significant risks. Education and clear guidance are essential to avoid phishing attacks. By taking preventative measures, you could reduce the risk of these attacks and better protect sensitive and confidential data.

Kiandra has been delivering smart, business-critical software, technology and security solutions for more than two decades. We've worked for organisations of every size, across 40 industries, and our on-the-ground team of experts delivers an amazing client experience every time. For a discussion about your security concerns, contact us today.