Phishing Must Be Considered for Privacy Controls and Data Protection
Phishing is a deceptive communication, sent via email or a messaging service, that entices users to open a malicious link or attachment. The phishing email may look like an email from a user’s employer, bank, or another known service provider. The link or attachment then loads an exploit that allows hackers to abuse the user’s system for nefarious reasons.
What precautions help prevent phishing?
- Use up-to-date PC security tools, for example, anti-virus software, anti-spyware, and firewalls.
- Never open suspicious or unknown email attachments.
- Never reveal personal data requested by email, for example, your name or credit card number.
- Check that the site URL is legitimate by typing the real address into your web browser.
- Check the site’s telephone number before ringing the number provided in the email.
What is the impact of phishing on privacy?
- If users are not properly trained on how to avoid phishing, data misuse or loss can occur through an exploit.
- Organizations need to have proper controls, policies, and processes in place to prevent phishing as part of an adequate data protection program.
- Phishing is one of the top 10 attack vectors for hackers.
Types of phishing methods:
- Spear phishing: A malicious email targets a specific individual.
- Whaling: This phishing targets wealthy or powerful individuals.
- Cloning: A legitimate email is modified to exploit the recipient.
- Link manipulation: Seemingly legitimate links take users to malicious content.