Phishing is a cyber attack that gathers sensitive information like login credentials, credit card numbers, bank account numbers, or other financial information by masquerading as a legitimate website or email. In addition, personal information like social security numbers, phone numbers, and social media account information are also common targets for cybercriminals who perform identity theft.
Phishing scams trick victims using social engineering to create a sense of urgency. Once the victim opens a phishing email or text message and clicks the malicious link, they are taken to a fake website that matches the legitimate site.
Common phishing attempts clone financial institutions, emails from colleagues, social media sites, and online payment processors.
Despite being one of the oldest cyber crimes, phishing remains a significant cyber threat to many organizations. This is due to its widespread use and sophisticated phishing campaigns. In addition, phishers are increasingly gathering information about their targets to improve the effectiveness of their phishing messages.
Phishing emails may also carry infected attachments that install malware such as ransomware, or that give the attacker unauthorized access to sensitive data and cause a data breach. Security awareness training is a great way to minimize the cyber security risk that phishing poses.
It’s important to remember that some of the most significant data breaches originate outside of your organization. If your third-party vendors have access to sensitive data, then it’s just as essential to have them educate their staff about phishing risks. Third-party risk, fourth-party risk, and vendor risk related to phishing must be part of your third-party risk management framework and vendor risk management program.