Skip to main content

Technology Insights Blog

Spotlight on Cybersecurity Awareness Month – Phight the Phish!

Ben Schmerler
Post by Ben Schmerler
October 18, 2021
Spotlight on Cybersecurity Awareness Month – Phight the Phish!

Phishing is the most common cyber-attack that people will encounter. You and your staff are the deciding factor on whether phishing is just an annoyance, or something that leads to a business crisis.


Week 2 of Cybersecurity Awareness Month focuses on fighting the constant threat of phishing.

According to the 2019 Verizon Data Breach Investigations Report, phishing attacks account for more than 80 percent of reported security incidents. Phishing is the most common cyber-attack that people will encounter, and yet it seems like many people underestimate how impactful it really is. For better or worse, you and your staff are the deciding factor on whether phishing is just an annoyance, or something that leads to a crisis.

So, let’s review how you and your staff can Pfight the Phish!

What is phishing and how has it evolved?

What is Phishing

Phishing is when someone sends you an email pretending to be someone they are not.
These emails are usually sent maliciously with the motivation being to get you to click through and do things like:
  • Download dangerous attachments
  • Volunteer personal information inadvertently
  • Do something with your device
If phishing was as simple as blocking a few emails, we probably wouldn’t be talking about it right now as a highlight of Cybersecurity Awareness Month.
The truth is that phishing is effective for criminals because it’s easy to do, doesn’t need to work even close to most of the time, and can be very lucrative. Phishing attacks have even evolved into phone calls (vishing) and social media scams.
These types of attacks don’t usually reveal themselves to be malicious until later down the road when the data extracted from them is used when the victim isn’t expecting it or sold on the Dark Web to someone else who wants to commit fraud or a follow up attack.


Why can’t Phishing attacks just be blocked?

Why can't phishing attacks be blocked

Spam filters block many email Phishing attacks, but Phishers are now using other means to reach their targets.

Believe it or not, many phishing attacks ARE blocked. Spam filters and other tools can often divert these attacks away. However, spam filters aren’t perfect, especially if the sender of the phishing attack took over a legitimate email account from someone that is not a known spammer.

As mentioned earlier, phishing has evolved to use non-traditional means of communicating, which have less of an ability to filter out these kinds of scams, such as:

  • Messages through a social media site
  • Text messages
  • Voicemail messages

Like many other forms of hacking and cybercrime, phishing continues to evolve, and expecting it to just go away from technology tools is unrealistic.


What's the best way to deal with the threat of Phishing?

How to deal with the threat of Phishing

Your people are your weakest security link. Phishing Awareness Training & Testing is one of the best ways to strengthen your defenses.

We now live in a world where we can be communicated with in many ways, from phone calls to email (or actual mail), text messages, alerts to our devices, private messages on social media and more. With so many ways to connect, it’s unrealistic to expect that you won’t encounter phishing threats in the wild.
The way I often put it is that we are all sort of swimming with the sharks in the ocean of the Internet. We have safety measures so that most of the time we don’t have to worry about what we are doing, but at the end of the day we must take some responsibility for our own safety in a dangerous situation.  
The most effective way of dealing with phishing is to focus on what could be the weak link in the chain: the people. 

There are so many different ways phishing messages can be delivered. Every person on your staff must:

  • Know what phishing is
  • Know they are a target
  • Know how to identify an attack
  • Know how to react when faced with a potential threat.
Phishing Testing is probably one of the most effective way to get an immediate improvement on awareness.
A typical phishing test consists of a fake email that uses themes to which a group of people could potentially be vulnerable.  For some people, this could be an email offering a free product, like a free coffee from Starbucks leading to a fake landing page, or for others it could be a fake email asking for the recipient to open a file like a contract they need to work on. 
Regardless, these tests are designed to mimic behaviors of real phishing attacks. They trigger an alert, as well as immediate education, should an individual fall for the test by clicking the link or downloading the attachment. 
Most of the time, falling for one of these tests is all someone needs to become more careful about what they click on in the future.  On the phishing testing campaigns I run, I see click rates drop very quickly as users become tempered towards fake emails and phishing techniques.  


Wrapping Up

Phishing isn’t going away any time soon, unfortunately. It’s too cheap to do and effective for the criminals. The rise of cryptocurrency also makes these attacks lucrative and easy to hide.

Rather than expect Phishing to disappear or for technology to make it disappear, you should equip your people to know how to deal with the threat. An engaged staff that understands and cares about the threat is your number one weapon to fight phishing.

At a minimum, make sure your staff is aware of what phishing is so that they can watch out for it and avoid making that one wrong click that could lead to ransomware or account abuse.


Consequences from phishing attacks and hackers are continually breaking down business operations. We can provide the backup and security you need so you don’t become a victim.




Ben Schmerler
Post by Ben Schmerler
October 18, 2021
Ben Schmerler is the Director of Strategic Operations at DP Solutions, an award-winning managed service provider (MSP) headquartered in Columbia, MD. Ben works with his clients to develop consistent strategies not only for technical security, but also policy/compliance management, system design, integration planning, and other business level technology concerns.