What is Phishing?
Password Fishing, known as Phishing, is one of the most commonly used threats by cybercriminals, deployed in order to scam and spread malware. According to the European Union Agency for Cybersecurity (ENISA) phishing can be defined as a fraudulent attempt to steal user data such as login credentials, credit card information or even money using social engineering techniques.
Over the past year 94% of malware was delivered via e-mail. Further, 80% of reported incidents were phishing attacks, with 30% of phishing messages being opened by the receiver. Phishing is clearly a widespread method for malicious actors, trying to get access to/or steal your personal data as well as spreading malware. Most people have received some kind of phishing email, maybe from a “prince” in another country claiming you have inherited a castle or a very suspicious offer that prompts you to click links for economic rewards or discounts. These emails are very common, and they are a bigger problem than one might think. They often result in stolen personal details and compromised accounts. It is likely that such accounts are later sold on dark-net marketplaces. With the Covid-19 pandemic in the world hackers have used and taken advantage of the public fear, often posing as official organisations such as the World Health Organisation (WHO). The emails usually contain information about infections in the area or expert opinions about the virus, prompting users to follow a link. Events such as this, combined with a lot of people working from home, using systems that are not as secure as the ones at the workplace—has opened an opportunity for cybercriminals to exploit. In order to protect yourself as a user and your organisation there are several things that you can do. This infographic highlights some general ideas on how to stay more secure in relation to phishing. Take a look, be aware and most importantly, #ThinkB4UClick !
Sources: ENISA ThreatLandscape 2020 –Phishing
Design by Anton Holmström & Simon Andersson | Reference: ENISA Threat Landscape 2020 - Phishing.