Phishing and Spear Phishing Scams: Don’t Get Caught in Their Nets.
What is Phishing?
Phishing is tech language for fishing over the Internet for confidential business and personal information such as credit card numbers, personal identification, usernames, and passwords. The first phishing scam occurred in 1996.
Phishing uses social engineering techniques and computer programming to lure email recipients and Internet users into believing that a fraudulent website is legitimate. After clicking the phishing link, victims find that their personal identity, vital information, and even money have been stolen.
What’s the difference between Phishing and Spear Phishing?
Phishing emails are sent to the general public. They often impersonate a government agency, a bank, the IRS, a social networking site, or a store like Amazon.
Spear Phishing emails target specific individuals. They are personalized with facts about you or your business to draw you in, and they appear to come from a company or person you do business with. A Spear Phishing message could come in the form of an email from your CEO.
A Phishing or Spear Phishing Email:
- Is one that you didn’t initiate.
- May contain strange URLs and email addresses.
- Often uses improper grammar and misspellings.
- Typically contains attachments that you don’t recognize as legitimate.
- Contains a link or email address that you don’t recognize.
- May use language that is urgent or threatening.
Phishing and Spear Phishing are popular among cybercriminals because they usually succeed.
10 messages have a better than:
- 90% chance of getting a click.
- 8% chance of users clicking on an attachment.
- 8% chance users will fill out a web form.
- 18% chance that users will click a malicious link in an email.
Even high-level executives get spoofed and share usernames and passwords.
The average cost of a Phishing Scam is $1.6 million. It’s a top security concern for businesses today:
- 1 in 3 companies is affected.
- 30% of Phishing emails get opened.
- Phishing is now the #1 vehicle for ransomware and other forms of malware.