At one point or another we are all be targeted by phishing scams. These scams can be done in the form of emails, phone calls or text messages. Some are obvious scams and some are elaborate schemes. If you’ve ever wondered about the thinking behind phishing, here are the five W’s of phishing, with thanks to the Datacom blog:
Who: attackers look to target as many people as possible with the same scam email to ensure increased chances of success.
What: attackers are often looking to generate financial gains. This can be done through a number of ways, including accessing your credit card details and selling the information they collect from you.
Where: it is difficult to pinpoint where phishing attacks come from. Unlike early phishing scams, scams today are sometimes articulated very well.
Why: phishing scams are still effective as it uses our own psychology against us. Scammers depend on human emotion, we’ll always respond to stimuli in very human ways. This makes scams difficult to prevent.
When: generally we are getting better at spotting phishing scams although some scams may throw us at times as phishing attacks are still the first-choice method of cyber attackers.
Some of the scams are getting very sophisticated. Some very closely replicate the branding and approaches of major online providers. Others have done their homework - checking out the public web presence of senior managers so that they can send requests to junior staff to pay invoices that look as if they come from the senior managers. It is worth spending some time with staff to talk about phishing scams and to establish in advance protocols for dealing with suspicious circumstances. This is especially important when staff may be working from home - being in different locations means that more email communication may be going on and when in a hurry, mistakes can be made.