Phishing

Phishing Must Be Considered for Privacy Controls and Data Protection

Phishing is a deceptive communication, sent by email or a messaging service, that entices users to open a malicious link or attachment. The phishing email may look like it comes from a user’s employer, bank, or another known service provider. The link or attachment then loads an exploit that lets hackers use the user’s system for nefarious purposes.

What precautions help prevent phishing?

  • Use up-to-date PC security tools, for example, anti-virus software, anti-spyware, and firewalls.
  • Never open suspicious or unknown email attachments.
  • Never disclose personal data requested by email, for example, your name or credit card number.
  • Check that the site URL is legitimate by typing the real address into your Web browser.
  • Check the site’s telephone number before calling the number provided in the email.

What is the impact of phishing on privacy?

  • If users are not properly trained on how to avoid phishing, data misuse or loss can occur through an exploit.
  • Organizations need to have proper controls, policies, and processes in place to prevent phishing as part of an adequate data protection program.
  • Phishing is one of the top 10 attack vectors for hackers.

Types of phishing methods:

  • Spear phishing: A malicious email targets a specific individual.
  • Whaling: Phishing that targets individuals with high wealth or power.
  • Cloning: A legitimate email is modified to exploit the recipient.
  • Link manipulation: Seemingly legitimate links take users to malicious content.
