Cybersecurity: Do not feed the Phish
Phishing is a fraudulent attempt to obtain someone’s personal data, such as passwords or credit/debit card numbers. Although it is a crime, phishing remains a widespread way of stealing information from people. It is a form of identity theft: the stolen details are used to act as you. Cyber thieves phish through email and through sign-up forms on fraudulent websites and pages.
You may stumble upon a page, offer, or website while browsing the Internet. This is the bait. Users are lured by free software, appealing websites, or the chance to win a fortune. Clicking these links redirects you to another site, which may require you to sign up to gain access to further information. It all seems quite innocent when you are asked for your email address, phone number, and social media details. You are then prompted to click further links that install key-loggers, ransomware or system monitors on your machine. This gives the attacker access to your data and lets them watch everything you do afterwards.
Whether you are an individual or part of a large company, you could be a phishing target. Phishing is usually done through email. These emails often end up in the spam folder, but occasionally reach your inbox. Attackers know that even a statistically low click-through rate can earn them large profits.
According to the Wombat 2016 State of the Phish report, four out of five organizations (approximately 80%) have been victims of phishing attacks, and the report states that these attacks are increasing in both frequency and severity. The Wombat report gives an even worse figure than the chart above: 85% of respondents reported being victims of phishing attacks.
It is also surprising that phishing awareness remains low. A US survey found that 65% of respondents had never heard of the term “phishing”, 17% defined it incorrectly, and only 18% could explain it.
It is important to understand how phishing works. According to the Verizon 2016 DBIR, email attachments are the most popular delivery method for malware; web drive-by downloads are #2 and email links #3, while network propagation and download by existing malware share an equal incident count at #4 and #5. The Proofpoint Q3 2016 Threat Summary states that 97% of phishing emails sent in Q3 2016 carried ransomware.
Apart from ordinary email users, CEOs, CFOs and other executives are the most exposed to phishing attacks. Attacks aimed at them are known as spear phishing or whaling. High-ranking decision-makers are prized targets because they have access to sensitive corporate information and the authority to approve wire transfers. Executives are also easy to target with a personalized email, since the attacker can draw details directly from their LinkedIn profile or online bio, which makes the message far more convincing. Here’s an example of a phishing email body:
How to Prevent the Phish from Being Fed
Here are some key points to remember in order to avoid feeding the phish.
Learn how to recognize phishing emails. These emails typically imitate a real company’s branding, reuse the names of the company and its employees, and come from domain names that closely resemble the real business. They promise gifts or warn that you are about to lose access to an existing account.
Verify the source of any incoming email. Be aware that your bank will never ask for your password or banking details by email. Don’t answer such requests. If you have any doubts, contact the bank immediately using a phone number or address you already know, not one taken from the email.
Beware of hyperlinks. They can lead you to fraudulent web pages that act as phishing traps. Links that mention your bank or your office should not be followed from a suspicious email, since they may point to a fake site. Instead, type the URL directly into your browser.
Change your passwords periodically: do not reuse the same or a similar password across separate accounts, and change your passwords from time to time, in particular any password you suspect may have been phished.
Disable macros: much of the ransomware delivered by email needs Microsoft Office macros in order to run. Macros can be disabled by policy across the whole network so that users cannot accidentally enable them.
Avoid random sign-ups. Do not share personal information on untrusted pages and websites, and avoid downloading software from unknown developers or sources.
A runtime (behaviour-based) malware defense can be added alongside signature-based antivirus.
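The kind of whaling email described above, together with the checks the tips recommend (a sender domain that merely resembles the real company, a Reply-To pointing elsewhere, link text that names one site while the href goes to another, wire-transfer urgency wording, and a macro-enabled attachment), as an added worked example that is not part of the original article. The sample message, the trusted-domain allowlist, the keyword list and the edit-distance threshold are all constructed assumptions for illustration.

```python
"""Heuristic phishing-email triage (added example, not from the article)."""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: domains the organisation legitimately mails from.
TRUSTED_DOMAINS = {"acme-corp.example", "firstbank.example"}
# Assumed wording that should raise suspicion in a finance-related mail.
URGENCY_WORDS = ("urgent", "wire transfer", "immediately", "confidential")
# Extensions that can carry VBA macros (legacy .doc/.xls included).
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm", ".doc", ".xls")

# Constructed sample of a whaling email aimed at a CFO; not a real message.
SAMPLE_EMAIL = b"""From: "Jane Doe, CEO Acme Corp" <jane.doe@acme-c0rp.example>
Reply-To: jane.ceo@mail-relay.example
To: cfo@acme-corp.example
Subject: Urgent wire transfer - confidential
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Please approve the wire transfer immediately. Details:
<a href="http://login.acme-c0rp.example/approve">https://portal.acme-corp.example/approve</a></p>
--b1
Content-Type: application/vnd.ms-word.document.macroEnabled.12; name="invoice.docm"
Content-Disposition: attachment; filename="invoice.docm"
Content-Transfer-Encoding: base64

UEsDBBQ=
--b1--
"""


def edit_distance(a, b):
    """Levenshtein distance; small values between domains mean a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value):
    """Domain part of an address header, '' if the header is absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """Trusted domain that `domain` imitates (within 2 edits), else None."""
    if domain in trusted:
        return None
    for t in trusted:
        if edit_distance(domain, t) <= 2:
            return t
    return None


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")

    def handle_data(self, data):
        if self._href is not None and data.strip():
            self.links.append((self._href, data.strip()))

    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None


def analyse(raw_bytes):
    """Return a list of indicator strings found in the raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    target = lookalike_of(from_dom)
    if target:
        findings.append(f"lookalike sender domain {from_dom} imitates {target}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    haystack = str(msg["Subject"] or "").lower() + "\n" + text.lower()
    hits = [w for w in URGENCY_WORDS if w in haystack]
    if hits:
        findings.append("urgency/financial wording: " + ", ".join(hits))
    if body is not None and body.get_content_type() == "text/html":
        ex = LinkExtractor()
        ex.feed(text)
        for href, shown in ex.links:
            href_dom = urlparse(href).hostname or ""
            shown_dom = urlparse(shown).hostname or ""  # visible text that is itself a URL
            if shown_dom and href_dom and shown_dom != href_dom:
                findings.append(f"link text shows {shown_dom} but points to {href_dom}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_EXTENSIONS):
            findings.append(f"macro-capable attachment {name}")
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print("-", finding)
```

Each check is deliberately simple: the link comparison matches full hostnames, so a legitimate mail whose link text shows the bare company domain while the href goes to a sub-domain would also be flagged, and the edit-distance test catches single-character swaps like `c0rp` but not every homoglyph. In practice these signals feed a score or a mail-gateway rule rather than blocking on their own.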