Phishing (pronounced as ‘fishing’) is a cyber attack technique used by scammers to obtain sensitive information from users of electronic devices. Such sensitive information may include usernames, passwords, login credentials and credit card details. Cybercriminals masquerade as a trusted company or entity and dupe the victim into opening a malicious link, using either alerts and warnings or lucrative offers as bait. Clicking the link can lead to the installation of malware on the victim’s system.
Emails are the most common way in which phishing is carried out, but phishing attempts are also made via text messages (called smishing), phone calls, or webpages (called web jacking/cyber jacking).
Regardless of the medium of communication, phishing attacks always use deception to trick users into giving up sensitive information.
As the famous sayings go, “Better safe than sorry” and “Prevention is better than cure.” It is best for your company to be equipped with cybersecurity protocols and provide security awareness training to your employees as a means of preventing any phishing attempts made against your company or its employees.
Here are five potential questions with multiple-choice style answers you can present to your employees to test their knowledge.
The correct answer is C.
The safest thing to do is double-check any email that seems suspicious. Even if it’s from the company’s real email address and it seems legitimate, there are often subtle details that can tip you off. For example, the official and original company email would never ask you to reveal any sensitive information, be it personal or information pertaining to work or trade secrets.
Remember, no company can legally ask you to reveal any of your sensitive information such as one-time passwords (OTP), login credentials, or credit card details.
The correct answer is D.
You should always pay attention to the little details. For example, a genuine email from a real company, involving a sensitive matter, always addresses its recipients by name instead of “Dear user/customer”.
The email address of the sender should always be verified beforehand. An authentic email always originates from an address at the company’s own domain, which carries the name of the company. For example, if the sender’s address is “customersupport.microsoft@gmail.com”, then it is most likely a phishing email, because every company has its own domain for all communication purposes.
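The two checks described above (sender domain and generic greeting) can be automated in a mail-triage script. The following is an added example, not part of the original article; the `BRAND_DOMAINS` table, the function names and the sample messages are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumed for illustration: brand name -> domains that brand really sends from.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}}
GENERIC_GREETINGS = ("dear user", "dear customer")


def domain_matches(domain, legit):
    """True if domain is one of the legitimate domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in legit)


def check_message(from_header, body):
    """Return a list of warnings for one message (empty list = nothing found)."""
    display, address = parseaddr(from_header)
    local, _, domain = address.lower().rpartition("@")
    if not local or not domain:
        return ["sender address could not be parsed"]
    warnings = []
    for brand, legit in BRAND_DOMAINS.items():
        # The brand may be claimed in the display name, the mailbox name,
        # or a lookalike domain; all three are checked.
        named = brand in display.lower() or brand in local or brand in domain
        if named and not domain_matches(domain, legit):
            warnings.append(f"claims to be {brand} but was sent from {domain}")
    if body.lstrip().lower().startswith(GENERIC_GREETINGS):
        warnings.append("generic greeting instead of the recipient's name")
    return warnings


# Constructed sample messages (not real mail).
SAMPLES = [
    ('"Microsoft Support" <customersupport.microsoft@gmail.com>',
     "Dear user, your account will be suspended."),
    ("Account Team <no-reply@mail.microsoft.com>",
     "Hello Priya, your monthly statement is ready."),
    ("Billing <billing@microsoft-support.example>",
     "Hello Priya, please confirm your card details."),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, "->", check_message(sender, text) or "no warnings")
```

The visible From header can itself be forged, so a clean result here does not prove a message is genuine; it only catches the mismatches the article describes.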
The correct answer is A.
Over 3.4 billion phishing emails are sent daily. Phishing scams have increased by 34% in 2021 compared to the previous year. Employees can end up wasting countless hours trying to determine which ones are real and which ones are fake. Over 79% of US organisations experienced phishing attacks in 2021.
The correct answer is B.
Phishing is a little more complicated than one might think. Sometimes phishing emails include links that trick you into downloading an attachment with malware or ransomware that can infect your computer or mobile device without your knowledge.
You should also know that if an email redirects you to a third-party website where you are asked to reveal any sensitive information, there is a high possibility that it is a fraudulent email. Authentic companies would never ask you to reveal any sensitive information or send emails that direct you to third-party websites or include unreliable attachments.
In some cases, one might fall prey to a phishing attack and not even realise it for a while. Meanwhile, the hacker continues to use your social media account or identity to impersonate you (identity theft) until you become the victim of a bigger issue.
The correct answer is D.
Phishing is a type of social engineering attack that aims to gain sensitive information. Malicious impersonators send these emails intending for them to look legitimate, with the goal of tricking you into clicking on a malicious link or opening a malicious attachment.
If you want to stay out of trouble and keep your information safe and secure, you have to be educated and prepared for how to identify phishing attempts. Always make sure your passwords are a mixture of numbers and letters along with some special characters.
Security of your social media or any other electronic accounts is very important, so always make sure to enable two-factor authentication to add an additional layer of security.
If you are unsure of what IT requirements you have, or how to upgrade your existing system, book in for a free IT health check. We will assess all of your systems and plans and come up with a solution for your individual IT needs.