What is Phishing?

Phishing is a cyber attack that gathers sensitive information such as login credentials, credit card numbers, bank account numbers, or other financial information by masquerading as a legitimate website or email. Personal information such as social security numbers, phone numbers, and social media account details is also a common target for cybercriminals who commit identity theft.

Common phishing attempts impersonate financial institutions, emails from colleagues, auction sites, social media sites, and online payment processors. Despite being one of the oldest cyber crimes, phishing remains a large cyber threat to many organizations because it is widely used and because campaigns have become more sophisticated. Phishers increasingly gather information about their targets beforehand to make their phishing messages more convincing.

Phishing emails may also carry infected attachments that install malware such as ransomware, or that give the attacker unauthorized access to sensitive data and cause a data breach. Security awareness training is a great way to minimize the cyber security risk that phishing poses.

It’s important to remember that some of the biggest data breaches originate outside your organization. If your third-party vendors have access to sensitive data, it is just as important that they educate their own staff about phishing risks. Third-party risk, fourth-party risk, and vendor risk related to phishing must be part of your third-party risk management framework and vendor risk management program.