Phishing: What is it and how does it affect me?
Phishing is at the heart of over 90% of successful data breaches. It is one of the largest cyber threats to organisations around the world. Find out about it, and what you can do about it, below.
What is Phishing?
Phishing is a fraudulent attempt by attackers to gain sensitive information by the impersonation of a reputable source using email or other online communication. It’s a technique that’s worked since the mid-1990s and is still just as effective today.
Attackers often masquerade as popular social networking sites, online shops, banks, credit card companies or even your own IT help desk!
It is a criminal offence and cost the global economy over £14,000 per-minute in 2018.
Let’s take a look at the history of Phishing and how it got that ridiculous name.
History of email phishing - The early years
The “ph” spelling of phishing comes from an earlier word for an illicit act: “phreaking.” Phreaking involves fraudulently using an electronic device to avoid paying for telephone calls. Its name is suspected of being a shortening of “phone freak.”
“Back in the early to mid-1990s, the only Internet option was ‘dial-up’ access for a fee. For those that were reluctant to pay for Internet access, the alternative was a thirty days free trial to access to the Internet via an AOL floppy disk.
Understandably, life without the Internet after the trial period expired was simply too much to bear. Some rather devious folk found a way to change their screen names to make it appear as if they were AOL administrators. Using these fake screen names, they would “phish” for log-in credentials to continue accessing the Internet for free
Internet use dramatically increased in popularity. This new breed of scammer had to adapt fast to keep these tactics fresh and maintain their disguise as administrators of the ISP. They used a myriad of tactics to successfully email the accounts of the ISP’s customers and steal their login credentials. Having “spoofed” someone, they could access the Internet from that user’s account with the bonus of sending spam from the user’s email address.
Those 3 (deadly) little words...
A change in tactics saw the world fall victim to the Love Bug on May 4 2000. Starting in the Philippines, a message entitled “ILOVEYOU” filled mailboxes around the globe. It simply said “Kindly check the attached LOVELETTER coming from me”.
Those who could not resist unearthing their secret crush, opened what they thought was a harmless .txt file. Harmless couldn’t have been further from the truth, the now-famous ‘LoveBug’ unleashed a worm that wreaked havoc on the local machine. It overwrote vital system image files. It sent a copy of itself to all the user´s contacts in their Outlook address book. ‘LoveBug’ infected 50 million computers. Not only that, it accomplished this in only 10 days.
‘LoveBug’ not only showed us how to get spam to send itself, but that the role played by human psychology in cyber security was equal to or greater than any hardware or software. This was the first time a little code, mixed with a splash of intrigue cost the global economy £12 billion. That’s 4 times what it cost to run the entire NHS over the same period.
It would seem logical that people should have learned to avoid the trap of surrendering login credentials, clicking links or even opening attachments. Yet this is still an effective tactic for hackers with over 90% of successful data breaches starting with a phishing attack.
How To Prevent Phishing
Phishing emails range from extremely easy to spot to almost impossible. Hackers use ever-increasingly sophisticated techniques to fool you into parting with your sensitive information.
To this day there is no ‘catch-all’ method for stopping phishing, one has to remain vigilant at all times and treat all emails and websites with caution when online.
We recommend all readers educate themselves on the dangers of phishing. With well managed Security Awareness Training the threat posed by today’s advanced phishing techniques can be significantly reduced. Take back control, today.