- By Jacques Rentzke
Everything you need to know about phishing
Last year, 94% of South African businesses were the target of email phishing attempts. These attacks are becoming increasingly sophisticated, with cybercriminals using demographic data to create more realistic and accurate scams. You could, for example, receive a scam email that appears to come from your child’s school, SARS, or even your bank and looks convincing enough to fool you.
To help you protect yourself and your business, we’ve put together a guide outlining everything you need to know about phishing, from identifying a phishing attempt to what you need to do if you or an employee has been exposed through a phishing attack.
What is phishing?
Phishing is a form of cyberattack that acts like a wolf in sheep’s clothing. Victims are sent a communication from what they think is a trusted source, like an email from their bank, that is actually a clever fake designed to steal sensitive information such as passwords, credit card numbers, PIN codes or other personal information. These types of attacks usually come in the form of emails or social media messages that lead to fake websites. A phishing scam is not a data breach. Phishing attacks are most commonly perpetrated by cybercriminals out for financial gain.
Types of phishing attacks include:
- Email phishing: an email posing as a legitimate entity
- Spear phishing: a customised, researched attack that targets specific groups of individuals or businesses
- Whaling: targeting executives within an organisation (the big fish)
- SMS phishing (Smishing): scam attempt sent via a text message
- Voice phishing (Vishing): voice calls or recorded messages
- Website phishing: a fake website that looks just like a legitimate one
The goal of phishing is to collect sensitive information. Data stolen through a phishing attack can be used for a number of malicious purposes including identity theft, fraud, ransom, unauthorised financial transactions, sale on the dark web, and even espionage.