Last year, 94% of South African businesses were targeted by email phishing attempts. These attacks are becoming increasingly sophisticated, with cybercriminals using demographic data to create more realistic and accurate scams. You could receive a scam email from your child’s school, the South African Revenue Service (SARS), and even your bank that looks convincing enough to fool you.
To help you protect yourself and your business, StormWarning! has put together a guide outlining everything you need to know about phishing, from identifying a phishing attempt to what to do if you or an employee has been exposed through a phishing attack.
What is phishing?
Phishing is a type of cyberattack that disguises itself as legitimate communication from trusted sources. Victims receive emails or messages from what appears to be a trusted entity, such as their bank, but is actually a clever fake designed to steal sensitive information like passwords, credit card numbers, or personal data. These attacks often use emails or social media messages to lead to fake websites. Phishing is not a data breach; it is typically carried out by cybercriminals seeking financial gain.
Types of phishing attacks include:
- Email phishing: An email posing as a legitimate entity.
- Spear phishing: A customized, researched attack targeting specific groups of individuals or businesses.
- Whaling: Targeting executives within an organization (the big fish).
- SMS phishing (Smishing): Scam attempts sent via text messages.
- Voice phishing (Vishing): Voice calls or recorded messages.
- Website phishing: Fake websites designed to mimic legitimate ones.
The goal of phishing is to collect sensitive information for malicious purposes, including identity theft, fraud, ransom, unauthorized financial transactions, sale on the dark web, and espionage.
How to identify a phishing email
Phishing emails often appear to come from a trusted source and may instruct you to provide sensitive information or click on a link or attachment. Be cautious of emails or messages requesting personal information or urgent action. Look out for these signs of a potential phishing attempt:
- Spelling mistakes or poor grammar.
- An unfamiliar or strange sender email address.
- Suspicious URLs.
- A sense of urgency.
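The sender, URL and urgency signs above can be checked automatically as a first pass. The following is an added example, not part of the original guide: the trusted-domain list, the urgency phrases and the sample message are constructed assumptions, and a Reply-To that differs from the sender is treated here as one form of "strange sender address".

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains your organisation really corresponds with (placeholder).
TRUSTED = {"bank.example"}
# Assumption: a small, illustrative set of pressure phrases.
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended|verify your account)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(value):
    """Return the lower-cased hostname of a URL or bare domain, or ''."""
    value = value.strip()
    parsed = urlparse(value if "://" in value else "//" + value)
    return (parsed.hostname or "").lower()

def phishing_signs(raw):
    """Return a list of warning signs found in one raw email message."""
    msg = message_from_string(raw)
    signs = []
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    if from_domain not in TRUSTED:
        signs.append(f"unfamiliar sender domain: {from_domain}")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != from_domain:
        signs.append("Reply-To differs from From")
    body = msg.get_payload()
    for href, text in LINK.findall(body):
        # Compare the domain the reader sees with the one the link opens.
        shown = host(re.sub(r"<[^>]+>", "", text))
        if "." in shown and shown != host(href):
            signs.append(f"link text {shown} points to {host(href)}")
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        signs.append("urgent language")
    return signs

# Constructed sample message, not a real email.
SAMPLE = """From: "Your Bank" <security@bank-example.support.test>
Reply-To: collect@mailbox.test
Subject: Urgent: your account will be suspended
Content-Type: text/html

<p>Please <a href="http://login.bank-example.support.test/verify">www.bank.example</a> immediately.</p>
"""

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE):
        print("-", sign)
```

A message that trips none of these checks is not proven safe; the output is a prompt for a closer look, not a verdict.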
How to protect against phishing attacks in your business
As a business owner, you may not have control over every email that comes through your server, but you can take steps to prevent phishing attacks:
- Educate your team on identifying phishing emails.
- Implement multi-factor authentication for all accounts and systems that store sensitive information.
- Use email spam filters to block phishing emails before they reach your inbox.
- Consult your security provider about existing measures. StormWarning! offers spam filtering on all email addresses linked to your web hosting account and recommends using security solutions like a web application firewall to detect and block malicious traffic. While these solutions may not directly prevent phishing, they can help protect sensitive information from being intercepted.
A growing trend among businesses is adopting a Zero Trust policy, which requires verification and authentication for all devices and networks to reduce risks from external and internal threats.
What to do if you have been affected by phishing
If you fall victim to a phishing attack, take immediate action:
- Change affected passwords and consider using a password manager for stronger security.
- Report the attack to the legitimate business the email was impersonating and ask them to take action.
- If your credit card details were compromised, cancel the card and contact your bank's fraud support line.
- Enable two-factor authentication on your accounts as an extra layer of security.
- Report the incident to the authorities. Cybercrime.org.za is South Africa's national fraud and internet crime reporting center.
- Monitor your credit card and bank account statements for suspicious or unauthorized charges.
By following these steps, you can minimize the damage caused by phishing attacks and protect your personal and financial information.
Also check out this resource: Examples of Current Email Phishing Cyber Attacks
Is your organisation properly cybersecurity hardened and also privacy legislation compliant?
Contact StormWarning! today. Not only will we do our very best to answer that question for you and your organisation, but we will also diligently endeavor to help your organisation become privacy legislation compliant and offer reliable cybersecurity solutions while adhering to the constraints of your budget.
SOME CYBER SECURITY STATISTICS TO CONSIDER
How many cyberattacks per day?
According to Security Magazine, there are over 2,200 attacks each day, which breaks down to nearly 1 cyberattack every 39 seconds.
How many people get hacked each year?
With around 2,220 cyberattacks each day, that equates to over 800,000 attacks each year.
What percentage of cyberattacks include a social engineering aspect versus a technical problem?
According to Cybint, nearly 95% of all digital breaches come from human error.