Phishing and Spear Phishing. What should you do?

The word phishing has been featured in the news a lot lately, but what does it mean?

What is phishing?

Phishing is a type of cyber-attack that aims to obtain sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity in electronic communication. Phishers use email, text messages, telephone calls, or even mail to deceive their victims into disclosing personal or financial information. Criminals phish for your password using fake websites that look identical to sites you know and trust. Often, they send phishing emails that appear to be from a trusted source.

If you receive phishing emails, you should notify your system administrator—or whoever is responsible for your company's cybersecurity and data privacy policies—as soon as possible in order to minimize damage from phishing scams and phished credentials then delete it without clicking on any links.

What is spear phishing? Is phishing different from spam?

Phishers might send out hundreds of thousands of phishing messages hoping that a few people will fall prey to their traps. Spear phishing is a very targeted effort aimed at particular employees of an organization (e.g., C-level executives). They rely on publicly available information such as LinkedIn profiles or corporate blogs.

In response to these attacks, we encourage all employees to be on the lookout for phish and regularly report phishing promises to security personnel as soon as they receive them. Keep an eye out for phishy designs or wording in unsolicited e-mail messages, such as senders asking you to verify your account information or link a new device to your company network (e.g., phone, tablet). If something doesn't look right—even if it's from someone you trust—contact IT support before acting on it. Do not click!

DON'T LEAVE IT UP TO CHANCE. TAKE ACTION TO PROTECT YOURSELF AND YOUR ORGANIZATION TODAY.