Almost all of us have received emails with subjects that read “Congratulations! You have won a Car!” or “Apple Customer Lottery!”. Ever wondered what these emails are? These are typical examples of phishing emails. Phishing is a form of social engineering, a modern day electronic fraud that is growing exponentially.

This blog talks about the various phishing methods and cyber-criminals used to reach their targets.

Email / Spam phishing is a type of phishing where hackers send attacks via email and spam the target’s email account.

Web-Based Delivery is the most popular type where the attacker traces details during a transaction between the legitimate website and the user.

Phone Phishing is a method where hackers directly call the user and create a sense of urgency to gain critical information.

Phishing emails usually prompt the users to take immediate actions such as validating their bank account information or sharing sensitive information and often urge the user to respond quickly, leaving little or no time for the target to think.

If you’re an employer, educating all the technical and non-technical employees in your company is important as employees are the main source or inhibitors of confidential information, which if leaked may pose a serious threat to the business.

• Educate employees and conduct training sessions on phishing scenarios
• Enable SPAM filters that detect viruses, blank senders, etc
• Develop a security policy that includes password expiration and complexity
• Secure all sensitive information using a third-party tool
• Deploy a web filter blocking malicious websites

While it is not possible to completely stay away from phishing threats by taking proper precautionary actions and by having a strong IT security strategy in place, one can significantly reduce the potential threat of phishing attacks.

To know more about types of phishing, click here.