Everything You Need To Know About Phishing

By Chris Crellin, Senior Director, Product Management, Barracuda MSP

Low-tech security strategies are a vital part of protecting customers from email-borne threats.

Phishing attacks are on the rise, and they’re increasingly costly for businesses. The most recent State of the Phish Report indicates that 76 percent of information security professionals experienced a phishing attack in 2017, and Verizon reports that 90 percent of all cyberattacks (which increasingly include ransomware) begin with phishing emails.

That means malicious email should be top of mind for businesses. However, many companies still don’t quite understand the breadth and scope of the phishing problem, the potential risks, or even what phishing truly is.

What counts as phishing?

Any attempt to obtain information or money using a fraudulent email counts as phishing. Phishing emails spoof the look and feel of an actual email message from a trusted source — a person or, more often, a company such as Amazon, Chase Bank, FedEx, Google, PayPal, or UPS. These emails create a sense of urgency for users to follow a link to a page where they will enter their personal passwords to prevent some type of adverse event — like their email account being shut down or a fraudulent charge being processed — or to double-check an account balance.

Once they log in, their information may be stolen, or their computer could be infected with malware or ransomware. In some cases, cyber criminals use the data to hack into accounts and steal money or make fraudulent purchases.