What Is Phishing? And How Does It Work?

Not all cyber attacks involve a brute force attack. While brute force attacks are responsible for countless intrusions and, subsequently, data breaches, there are other ways for hackers to infiltrate an otherwise protected network or database, such as phishing. As a small business owner, you should take precautions to protect against phishing. First, however, you’ll need to understand how phishing works.

What Is Phishing? Get the Facts

Phishing is a cyber threat that involves enticing or compelling a person or business to willingly provide a hacker with sensitive information, such as their login credentials to a network or database. The hacker typically presents him or herself as a trustworthy individual. The victim assumes the hacker is a legitimate person, such as an employee or executive, so they honor the hacker’s request by providing him or her with their login credentials.

A typical phishing attack may involve the following stages:

  • The hacker, posing as a legitimate, credible figure, sends the victim an email.
  • In the email, the victim is asked to click a link and log in to his or her network or database to verify their information.
  • The victim clicks the link and enters his or her login credentials.
  • Upon entering this information, the victim unknowingly provides the hacker with access to the network or database.

The Growing Threat of Phishing

With email being the preferred method of communication by millions of individuals and business owners, phishing attacks have become more common in recent years. According to a report by Verizon, 98% of all social media-related breaches and intrusions are caused by phishing. But phishing can jeopardize more than just your small business’s social media presence. It can have wide-reaching ramifications that threaten the very livelihood of your small business.

How to Protect Against Phishing

Like all other cyber threats, there are ways to protect against phishing. First, avoid clicking links in emails with suspicious URLs. If you receive an email from someone claiming to be a representative at your small business’s bank, look at the URL to see if it matches with the bank’s official website URL. If it’s not exactly the same, don’t click it.
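The exact-match check described above, as an added Python example that is not part of the original article: it pulls every link out of an HTML email body and compares the link's hostname with a list of official hostnames. The bank name `examplebank.test`, the sample email and all function names are constructed for illustration; the example also compares a link's visible text with its real destination, which goes slightly beyond the text.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumptions (constructed values): the official hostnames and a sample email body.
OFFICIAL_HOSTS = {"examplebank.test", "www.examplebank.test"}
SAMPLE_EMAIL = """
<a href="https://www.examplebank.test/login">Official site</a>
<a href="https://www.examplebank.test.account-verify.example/login">www.examplebank.test</a>
<a href="https://www.examplebank.test@login.example/verify">Log in</a>
<a href="https://www.examp1ebank.test/login">Verify now</a>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start recording the visible text of this link
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def parse(url):  # -> (hostname, has_userinfo); ("", False) if unparseable
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
        return (parts.hostname or "").rstrip("."), parts.username is not None
    except ValueError:
        return "", False

def check_link(href, text="", official=OFFICIAL_HOSTS):
    """Return reasons the link is not exactly the official site (empty list = match)."""
    reasons = []
    host, userinfo = parse(href)
    if userinfo:  # everything before '@' is a user name, not the site
        reasons.append("name before '@' is not the host")
    if host not in official:  # exact comparison: "contains the bank name" is not enough
        reasons.append(f"host {host!r} is not an official host")
    shown = parse(text)[0] if "." in text and " " not in text else ""
    if shown and shown != host:
        reasons.append(f"visible text shows {shown!r} but link goes to {host!r}")
    return reasons

def audit_email(html_body):
    collector = LinkCollector()
    collector.feed(html_body)
    return {href: check_link(href, text) for href, text in collector.links}
```

Calling `audit_email(SAMPLE_EMAIL)` returns an empty list for the first link only; each of the other three comes back with the reason it is not exactly the official address.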

Second, don’t download file attachments in emails before verifying them. If an executive recently sent you an email with a file attachment, call that person to verify he or she really sent the email.

Third, install (and use) a firewall on your computer. A high-quality firewall can automatically detect and block phishing emails, preventing them from reaching your inbox.