What is Phishing? - Capstone Brokerage

There are many ways that criminals attempt to infiltrate systems and retrieve personal data. Phishing remains the most common practice as it still holds the highest success rate for these criminals. According to csoonline.com, phishing attacks account for more than 80% of reported security incidents.[1] End-user education is the best way to reduce the risk of an attack, but, unfortunately, many users do not fully understand how these attacks work. This article aims to provide education to your users by answering the most common questions regarding phishing.

What is Phishing? Phishing is a form of cyber-attack in which the criminal sends emails that fraudulently claim to come from a known vendor, client, associate, affiliate, or officer in order to obtain confidential information.

What does a phishing email look like? Typically, the criminal uses the fraudulent account to demand urgent action. These demands or requests for action come in many forms, such as the following:

  • Click the attachment to act now (most used in CEO fraud or vendor fraud)
  • Open a linked Word document and enable macros
  • Update a password or make changes to security questions associated with the account
  • Respond to a social media request
  • Use a new Wi-Fi hotspot

Through requests like those mentioned above, the criminal can access social security numbers, phone numbers, credit card details, addresses, passwords and password security information, dates of birth, and other sensitive information belonging to your employees and clients.

How can I reduce the vulnerability of my business? Use the acronym “M.I.C.E.”:

  • Monitor through phishing simulations.
  • Incorporate cyber security awareness into employee training.
  • Communicate consistently and provide additional information about cyber security.
  • Encourage all users to report any suspicious emails, even when they appear to be from a credible source.