Phishing attacks are a type of cyber attack where attackers attempt to deceive individuals into divulging sensitive information such as usernames, passwords, or financial details. Here's a brief overview of phishing attacks and the teams that are often identified as most at risk:

Phishing Attacks Overview:


• Email Phishing:
• Description: Attackers send deceptive emails that appear to be from a trustworthy source, like a bank or a legitimate organization.
• Common Characteristics: Urgency, official logos, grammatical errors, and fake links.

Teams Identified as Most at Risk:
• Human Resources (HR):
• Reason: Access to sensitive employee information, including payroll details.
• Finance and Accounting:
• Reason: Control over financial transactions and sensitive financial information.
• IT and Security Teams:
• Reason: Access to critical systems and privileged information.
• C-Level Executives:
• Reason: Targeted for their access to high-level corporate data and authority.
• Customer Support:
• Reason: May be targeted to gain access to customer information or for spear phishing attacks against customers.
• General Workforce:
• Reason: Phishing attacks often cast a wide net, targeting employees for general account access or to gain a foothold in the organization.
What is phishing?

Phishing is a type of cyber attack in which attackers use deceptive techniques to trick individuals into divulging sensitive information, such as usernames, passwords, financial details, or other personal information. The term "phishing" is a play on the word "fishing," as attackers cast a wide net, hoping to catch unsuspecting users.
Learn to spot phishing emails

Spotting phishing emails requires careful scrutiny and an awareness of common tactics used by attackers to deceive individuals. Here are some tips on how to identify phishing emails:

• Check the Sender's Email Address:


• Examine the sender's email address closely. Legitimate organizations use official domain names, and variations or misspellings may indicate a phishing attempt.
• Look for Generic Greetings:
• Phishing emails often use generic greetings like "Dear Customer" or "Dear User" instead of addressing you by name. Legitimate organizations typically personalize their communications.
• Verify the Content:
• Be cautious of emails with urgent or alarming messages, especially those threatening consequences if you don't take immediate action. Phishing emails often create a sense of urgency to prompt quick responses.
• Check for Spelling and Grammar Errors:
• Phishing emails may contain spelling and grammar mistakes. Legitimate organizations typically proofread their communications carefully.
• Inspect Links and URLs:
• Hover over any links in the email without clicking on them to preview the actual URL. Be wary of links that do not match the expected destination or use variations of legitimate domains.
• Examine the Email Layout:
• Poorly formatted emails with irregular spacing, mismatched fonts, or inconsistent logos may be indicators of phishing attempts.
• Beware of Requests for Personal Information:
• Legitimate organizations rarely ask for sensitive information, such as passwords or credit card details, via email. Be skeptical of any email requesting such information.
• Verify with the Company:
• If in doubt, independently verify the information by contacting the company or organization directly using official contact details. Do not use contact information provided in the suspicious email.
• Check for Unusual Email Attachments:
• Be cautious when opening email attachments, especially if they are unexpected or from unknown sources. Malicious attachments can contain malware.
• Use Email Security Features:
• Utilize email security features provided by your email provider. This may include spam filters and security warnings.
• Look for Personalization:
• Legitimate emails from known organizations often contain personalized information, such as your name and sometimes account details. Be suspicious if an email lacks personalization.
• Be Wary of Unusual Sender Behavior:
• Be cautious if you receive unexpected emails from contacts you know, especially if the content seems out of character. Their accounts may have been compromised.
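
Several of the checks above (sender domain, generic greeting, urgency, requests for sensitive information, and link text that does not match the real destination) can be automated. The following is an added example, not part of the original page; the phrase lists, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

PHRASES = {  # illustrative phrase lists (assumptions); tune for your own mail
    "generic_greeting": ("dear customer", "dear user"),
    "urgency": ("immediately", "urgent", "suspended"),
    "asks_sensitive_info": ("password", "credit card"),
}

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

def in_domain(host, domain):
    """Exact or subdomain match; substring checks are fooled by lookalikes."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw, trusted_domain):
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    found = [] if in_domain(sender, trusted_domain) else ["sender_domain_mismatch"]
    found += [n for n, ps in PHRASES.items() if any(p in body.lower() for p in ps)]
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        if not in_domain(urlparse(href).hostname, trusted_domain):
            found.append("link_off_domain")  # the URL a hover would reveal
        if "://" in shown and urlparse(shown).hostname != urlparse(href).hostname:
            found.append("link_text_mismatch")
    return found

# Constructed sample (not a real message); every domain is a reserved test name.
SAMPLE = ('From: Bank Support <support@bank-example.test>\nSubject: Notice\n\n'
          '<p>Dear Customer, your account is suspended. Confirm your password at '
          '<a href="http://bank.example.login.invalid/reset">'
          'https://bank.example/login</a></p>')
```

Calling `phishing_indicators(SAMPLE, "bank.example")` flags all six indicators, including the link whose host merely starts with the trusted name.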
How do we stop getting phished?
Preventing phishing attacks involves a combination of awareness, education, and adopting security best practices. Here are some proactive measures to help you and your organization avoid falling victim to phishing:

• Security Awareness Training:


• Educate yourself and your team about the various types of phishing attacks and common tactics used by attackers. Regularly conduct security awareness training to stay informed about evolving threats.
• Verify Sender Information:
• Always check the sender's email address for legitimacy. Be cautious of email addresses that look suspicious or use variations of official domain names.
• Think Before Clicking:
• Avoid clicking on links or opening attachments in emails from unknown or unexpected sources. Hover over links to preview the actual URL before clicking.
• Use Multi-Factor Authentication (MFA):
• Implement MFA to add an extra layer of security. Even if your credentials are compromised, MFA provides an additional step for verification.
• Enable Email Filtering:
• Utilize advanced email filtering systems to automatically detect and filter out phishing attempts before they reach your inbox.
• Keep Software Updated:
• Regularly update your operating system, software, and security tools to patch vulnerabilities. Attackers often exploit outdated systems.
• Verify Requests for Personal Information:
• Be skeptical of any email requesting personal or sensitive information. Legitimate organizations usually do not request such information via email.
• Use Browser Security Features:
• Enable browser security features, such as safe browsing and pop-up blockers, to provide an additional layer of protection against malicious websites.
• Employ Email Authentication Protocols:
• Organizations should implement email authentication protocols like DMARC, DKIM, and SPF to help prevent email spoofing and phishing.
• Regularly Back Up Data:
• Keep regular backups of important data to minimize the impact of potential ransomware attacks. Ensure backups are stored securely.
• Implement Security Policies:
• Establish and enforce strong security policies within your organization. This includes guidelines on handling sensitive information and recognizing potential phishing threats.
• Verify with Official Channels:
• If in doubt, verify the legitimacy of an email by contacting the organization or person using official channels. Do not use contact information provided in the suspicious email.
• Report Suspected Phishing Attempts:
• Establish clear procedures for reporting suspected phishing attempts within your organization. Prompt reporting can help mitigate potential threats.
• Regularly Assess and Test:
• Conduct regular security assessments and phishing simulations to test the awareness and responsiveness of your team. This helps identify areas for improvement.
• Keep up-to-date with the latest phishing techniques and trends in cybersecurity. Awareness of current threats is key to developing effective defense strategies.
