What Is a Phishing Attack?

This notorious scam has dominated the email threat landscape for decades. A phishing attack tricks users into sharing
sensitive credentials or downloading malware. This is done when a malicious actor poses as a reputable party and then sends
fraudulent emails with this goal in mind. Phishers typically employ social engineering techniques to craft well-researched,
convincing phishing campaigns. Phishing emails often contain malicious URLs that direct users to fraudulent websites where
credentials are collected; however, attackers are increasingly employing stealthy fileless techniques in an effort to evade
detection.

Costly Clicks - Beware of Phishing Links

Clicking through a malicious link embedded in a phishing email attack can have severe consequences, including data loss or
theft, account takeovers, Business Email Compromise, and financial issues. One wrong click can also result in serious
reputation damage and significant downtime - or even permanent closure - for businesses. Sensitive information stolen in a
phishing email attack can be used to initiate fraudulent wire transfers in which a victim is tricked into transferring funds to an
account controlled by the attackers. The FBI has released that a reported $221 million was lost to wire transfer fraud in 2019 -
and only 15% of wire fraud is reported. Compromised email addresses can also be used in dangerous Email Account
Compromise (EAC) scams to attack other accounts.

Clicking on a phishing link or opening an attachment in one of these messages may install malware, like viruses, spyware, or
malware ransomware, on your device. This all happens behind the scenes, so it is undetectable to the average user. In some
cases, even opening spear phishing emails can result in the installation of ransomware, spyware or other dangerous malware.
Ransomware victims typically experience significant downtime and data loss.

Businesses can protect against phishing by implementing a layered supplementary cloud email security software solution that
offers malicious malware URL scanners and protection and uses multiple email authentication protocols to detect email
spoofing and prevent sender fraud.

Don’t Rush! Stop and Think Before You Click

Always take time to stop and think before interacting with an email in any way. Phishing attacks
often convey a sense of urgency to dissuade recipients from engaging in this best practice.

How Do I Know if I’ve Clicked on a Phishing Link?

Before anything, it is essential you confirm you interacted with a phishing link, which can be confirmed by inconsistencies in
the sender’s email address, links, and domains. Hovering your cursor over the link before clicking provides a preview of the
URL, a domain that doesn’t exist is likely to be a phishing link. After confirming the phishing link, you must stop interacting
with the page and delete any downloaded files. Search for the intended target site using a search engine. Compare the
legitimate web address and content to the phishing site. Watch for suspicious account activity, calls, or texts. If attackers have
previously collected your data successfully, victims may receive additional calls or messages asking for further action, as
there is a higher likelihood the victim will engage after falling for a previous attempt.

What if I Clicked on a Phishing Link on My

Smartphone?
Smartphones can be hacked via phishing links in text messages, emails, or software. By interacting with a phishing link, you
risk accidentally downloading malware or being redirected to a malicious website controlled by hackers who intend to collect