Phishing Testing: Building Your Human Firewall

Phishing is becoming a major threat vector for organizations all around the world.

Phishing is the practice of sending illegitimate emails designed to elicit a response from the end user, whether that’s clicking on a link that infects them with malware or volunteering information that they normally would not provide, like a password or some other information that is useful to the attacker.

Frighteningly, all signs indicate that phishing attacks are becoming more prevalent by the day. According to Webroot, nearly 1.5 million new phishing landing pages are being created monthly.

So why is phishing so popular? I can think of a few reasons.

First, it’s relatively inexpensive. Sending an email is practically free, aside from the time it takes to set it up. Not just that, but email accounts are ubiquitous. If you think about it, people often have two or three email accounts at minimum. I know I have a personal email account, a corporate account, social media accounts, etc. And these accounts are accessed on multiple devices, like smartphones, tablets, and other personal and corporate devices. So if you are the bad guy trying to start a phishing attack, one specific email could reach several devices, and if you send the same phishing attempt to multiple email accounts that one person controls, you expand the reach of the attack even further. All it takes to have a significant cyber security incident is one wrong click.

WHAT IS A PHISHING TEST?

Read the full post on Tripwire