Everything you need to know about phishing

Cybercriminals are coming for your credentials. Here’s how to stop them


Phishing attacks are on the rise, and they’re increasingly costly for businesses. PhishLabs reported that in 2021, attacks increased 28% over the previous year. Today, a large number of cyberattacks begin with phishing emails.

That means malicious emails should be top of mind for businesses. However, many companies still don’t quite understand the breadth and scope of the phishing problem, the potential risks, or even what phishing truly is.


What counts as phishing?

Any attempt to obtain information or money using a fraudulent email counts as phishing. Phishing emails spoof the look and feel of an actual email message from a trusted source — a person or, more often, a company such as Amazon, Google, or PayPal. These emails create a sense of urgency for users to follow a link to a page where they will enter their passwords to prevent an adverse event — like their email account being shut down or a fraudulent charge being processed — or to double-check an account balance.

Once they log in, their information may be stolen, or their computer could be infected with malware or ransomware. In some cases, cybercriminals use the data to hack into accounts, pocket money, or make fraudulent purchases.

Phishing scams usually include link manipulation — using misspelled URLs similar to legitimate ones. Often, phishers use images embedded in emails instead of text to help evade filters. More sophisticated approaches may involve a covert redirect that uses a login popup on a legitimate website.

There are a few common approaches:


Low-tech security strategies

While email filters and other security technologies can help block phishing emails from getting to your customers’ inboxes, the criminals behind these scams are constantly updating their techniques to avoid detection. Phishing relies heavily on psychological manipulation, and end-users are the weakest link.

Even basic, low-tech strategies can help you protect your business and your customers from the costs and consequences of a phishing attack. Those include:

Training

Provide end-user awareness training to help staff recognize the tell-tale signs of phishing – misspelled website names, oddly named attachments, etc. In addition, employees should “hover” over sender names in emails and embedded links to make sure they match the origin account or a legitimate website.

Make sure they also know best practices, like never logging into a website they reached via an email link.
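The hover check above, and the misspelled-URL trick described earlier, can also be run automatically over an email's HTML body. The Python code below is an added example, not part of the original article or of any vendor's product; the TRUSTED allowlist, the function names and the sample email are constructed for illustration, and the two-label "site" rule is a simplification that ignores suffixes such as .co.uk.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser

TRUSTED = {"paypal.com", "amazon.com", "google.com"}  # assumption: your allowlist
HOST_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?(?:[^@/]*@)?([a-z0-9.-]+\.[a-z]{2,})(?::\d+)?(?:[/?#]|$)")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Hostname of a URL or bare domain (lower-case, 'www.' dropped), else ''."""
    m = HOST_RE.match(value.strip().lower())
    return re.sub(r"^www\.", "", m.group(1)) if m else ""

def classify(href, text):
    """Return 'mismatch', 'ok', 'lookalike' or 'unknown' for one link."""
    host, shown = host_of(href), host_of(text)
    if shown and host != shown and not host.endswith("." + shown):
        return "mismatch"  # the text displays one domain, the target is another
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "ok"
    site = ".".join(host.split(".")[-2:])  # simplification: no public-suffix list
    for d in TRUSTED:
        if d.split(".")[0] in host or SequenceMatcher(None, site, d).ratio() >= 0.85:
            return "lookalike"  # brand embedded in, or misspelled as, the host
    return "unknown"

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(href, classify(href, text)) for href, text in parser.links]

SAMPLE = """<a href="http://paypa1.com/signin">Verify now</a>
<a href="https://login.example.net/reset">www.paypal.com</a>
<a href="https://www.amazon.com/orders">Your orders</a>"""  # constructed sample
```

Calling scan_email(SAMPLE) flags the first link as a lookalike and the second as a mismatch; both heuristics can raise false positives, so treat a flag as a reason to inspect the message rather than as a verdict.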

Designated Email Addresses

If the business regularly receives legitimate emails for financial transactions, it could set up specific email addresses just for those requests. Limit the exposure of these addresses on public sites, which can help reduce their target footprint when it comes to phishing.

Code Names/Code Words

Code names aren’t just for spies. For example, employees or clients could establish specific email formats or code words for correspondence to let the recipient know the email was legitimate.

Enforce Email Policies

Set up policies to minimize the number of sensitive transactions that occur via email. If employees know that financial authorizations should only be made in person or over the phone, it’s unlikely they’ll fall for a phishing attempt to get them to do so via email.

Phishing is a growing and constantly evolving threat, so it is vital to stay updated on the latest threats and what steps your organization can take to mitigate these attacks.

Jason Howells, vice-president, MSP international sales at Barracuda MSP


Jason Howells is the Director, International MSP for Barracuda. He is a business leader with over 20 years of Sales and Management experience driving profitable growth in IT Security and Data Protection.
