Phishing is a cyber attack that uses electronic means to trick a user into sharing sensitive information. Traditionally, these attacks originated through email, but now can be delivered through social media, text messages, or other messaging services.

Impact

• Approximately ⅓ of all data breaches involve Phishing.
• 41% of all attacks redirect users to phony login pages resulting in about $400 loss per account.
• 51% of all attacks have links that are actually malware resulting up to $2.5 million in losses.
• 8% of all attacks involve direct extortion causing up to $5,000 in damages per user.

Recognition

Attackers prey on peoples’ fears, interests, and inherent trust to accomplish these attacks. Here are some examples:

• An email from your boss or business associate asking for you to take immediate action.
• An entity offering financial assistance or promises of high paying jobs.
• Charities or other organizations related to an ongoing crisis.
• Emails containing links that are shortened or are misspelled.
• Correspences from people you know from unusual channels.
• Links to documents that you did not request access to.

If you are unsure whether you are being phished its best to double check by calling the other party. If that is not possible Ask someone you trust if they think its’ fake. Under no circumstances should you interact with a suspected Phishing attempt until you can verify it is legitimate.

I’ve Been Compromised What’s Next?

If you do succumb to a phishing attack these are the steps to take:

• Alert others in your company. Typically entire organizations are subject to these attacks.
• Change any passwords that may have been compromised immediately.
• If you downloaded a malicious file, disconnect that computer from the network.
• Notify anyone whose information could be compromised as soon as possible to prevent identity theft.
• Report attempts to [email protected] and FTC.gov/Complaint.