What Is Phishing?

We'd like to throw a quick statistic your way. According to KnowBe4, 91% of successful data breaches start with a spear phishing attack. Why is this significant? This number proves that end users are the top vulnerability when it comes to IT security.

Now that we have gotten your attention, we'd like to provide you with a breakdown of what phishing really is, how it works, and how you can avoid being a target and the weakest link in your organization's security.



Phishing is when a hacker sends an email to a user in hopes that the individual clicks on a link or opens an attachment within the email. Once the link is clicked or the attachment opened, the hacker gains access to the personal information of that user on that device. Afterwards, they can gain access to the network, and once they are on the network they can do the same thing to any computer that's connected to it. All with just one click.



First Step. You can receive a phishing email despite the antivirus software or extra protection your organization has in place, so you can never be too careful. Hackers can get their hands on thousands of email addresses by using scripts on large search engines. Then, by conducting a little research through your organization's website or social media platforms, hackers can get an idea of what kind of antivirus software is used within your company. They can then customize an attack to fit you before sending a flawless, undetected email.

Second Step. Whoever wants to steal your information will reverse the traffic on your network back outside of your organization. To do this, they connect their hidden network directly to yours, which makes the connection difficult for your IT security software to recognize and stop.

Third Step. It's important for hackers to make the phishing email seem as real as possible, so that users mindlessly click on the email. This email doesn't necessarily have to come from a stranger. It could appear to come from a friend, spouse, supervisor, or even a brand.

Once a user clicks, hackers have the power.



Prevention is all about constantly being on the defense. It's important to educate and train all end users throughout your organization, and to make sure your IT environment is properly secured in all aspects.

According to the Cisco Security Report, 57% of cyber-attacks derive from user behavior, such as clicking on malicious links within emails. Information is the core of every business and is something that needs to be protected. Company data is too significant to compromise over a phishing email that can be prevented.


Don't be the next big fish a hacker catches.