Phish is a psychedelic band known for jamming with an ecstatic fan base. Phish Food from Ben and Jerry’s features chocolate ice cream with marshmallows and caramel swirls sprinkled with fudge fish. The band and ice cream are not for everyone; gooey marshmallows and extended musical jams are acquired tastes.
Phishing, while decidedly less sweet than music and ice cream, is unifying insofar as nearly everyone with an email address is a target of this type of cybercrime. In 2020, the FBI called phishing the most common type of cybercrime. Verizon’s Data Breach Investigations Report reveals that phishing accounts for more than 80% of reported security incidents.
Understanding what phishing is and creating a plan for mitigation will help you and your fellow TPRM practitioners practice better cyber hygiene. To come to grips with phishing is to #BeCyberSmart!
Phishing is defined by NIST as “tricking individuals into disclosing sensitive personal information by claiming to be a trustworthy entity in an electronic communication.” Phishing is when an online attacker impersonates a legitimate person or organization and uses tactics such as email or malicious websites to obtain personal or financial information from a user. The attacker may also use the same lure to infect a user’s device with malware or viruses.
The best course of action to thwart a phishing attempt is to report the incident to your email provider and to notify your IT department. Take the time to check your email accounts for unusual activity before taking further action. If your financial accounts have been compromised, notify your financial institution as soon as possible. Consider filing a report with the Federal Trade Commission or the Internet Crime Complaint Center (IC3).
Generally, it is important to educate vulnerable users (mom?!) and employees about phishing and to teach these users how to use proper anti-phishing hygiene. The following are a few best practices and tips for handling phishing threats:
While each of these methods takes a slightly different approach, all methods of phishing have the same goal: to abscond with your personal data.
Think before you click and remember to report any emails, links, or attachments that may look suspicious. To learn more about how your TPRM program can reduce the risk of cyberattacks, register for our free webinar Threat Briefing: Real-World Cyberattacks On The Supply Chain, Tuesday, October 26, 2021, 11:00-12:00 ET.