How Not to Get Hooked by a Phishing Attack

Getting hooked by phishing attacks are costly.  In fact, the average cyber attack costs small businesses $53,987. Phishing attacks are the most common. So, how do you not get hooked by one?

We created a short video, highlighting the key elements based on an overviewby CITRIX®published on SmallBizTrends.

[Phishing is] "A type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source." The scammers pretend to be an internet service provider, a bank, a mortgage company, or other entities. - Federal Trade Commission (FTC)

The FTC provides more information on how to deal with phishing attacks.

Phishing Attacks: How Many Hooks are There?

Amazingly, about 1 in every 100 e-mails are part of a phishing attack. That's right, you and your employees are likely hit with several a week since nearly a third of phishing emails aren't caught by spam or firewalls. The threat is very real and very common, and they're on the rise.  SmallBizTrends reported an increase in phishing attacks of 65% from 2016-17.

Why do they do it? Simple, it works. According to SmallBiz trends, 83% of people were hooked by a phishing attack resulting in some disruption and damage. These ranged from productivity loss (67%) to data loss and reputation damage (both around 50%). They go on to say that "2 in 3 phishing attempts use a malicious link, and over half contains malware".

Two Most Common Types of Phishing Attacks

Most Common: Malware Attack

About ½ of all phishing attacks are malware attacks. These attacks have hidden code which triggers a malicious download. This malware allows the hacker a number of options for ransomware, stealing, spying, and other malicious activities.

2nd Most Common: Credential Harvesting

Roughly, 4 out of every 10 phishing attacks try to harvest your credentials ,like your password or credit card information for instance. This can wreak havoc to your business or personal credit. However, it's mainly to use you as a trojan horse to attack a larger site with more information.

There are other types of phishing attacks, which SmallBizTrends cited.

What Can You Do to Avoid Getting Hooked by a Phishing Attack?

The most inexpensive way is to follow the steps outlined in our video. However, that relies on people being vigilant, which can be prone to failure. Amore expensive approach is to purchase an e-mail security platform for your business. Capterra lists several companies, none of which post their pricing.  After a little research though, we found that they charged around $5/user/month to protect Microsoft 365 users.

Summary – How Not to Hooked by a Phishing Attack?

Vigilance. It's important to educate every employee on how to manage their e-mails to avoid these threats. Once they take the bait, they're hooked, and the phishing attack damage is done.