Phishing

Phishing Must Be Considered for Privacy Controls and Data Protection

Phishing is a deception communication via email or a messaging service that deceives and entices users to open a malicious link or attachment. The phishing email may look like an email from a user’s employer, bank, or another known service provider. The link or attachment will then load an exploit that allows hackers to exploit a user’s system for nefarious reasons.

What are the precautions to take to prevent phishing:

1. Use refreshed PC security apparatuses, for example, anti-virus software, spyware, and firewalls.
2. Never open suspicious or unknown email attachments.
3. Never uncover individual data asked for by email, for example, your name or credit card number.
4. Check the site URL is legitimate by typing the real address in your Web browser.
5. Check the site’s telephone number before ringing the number provided in the email.

What is the impact of phishing on privacy?

1. If users are not properly trained on how to avoid phishing, data misuse or loss can occur through an exploit.
2. Organizations need to have proper controls, policies, and processes in place to prevent phishing as part of an adequate data protection program.
3. Phishing is one of the top 10 attack vectors for hackers.

Types of phishing methods:

1. Spear phishing:  A malicious email targets a specific individual
2. Whaling: This phishing targets high wealth or power individuals
3. Cloning: A legitimate email is modified to exploit the recipient
4. Link manipulation: Seemingly legitimate links take users to malicious content.