Cybersecurity Awareness - March 2025


NEED TO KNOW NEWSLETTER | MARCH 2025

Don't fall for these phishy tricks

Common phishing tactics

According to the 2024 Verizon Data Breach Investigations Report (DBIR), phishing is a significant cybersecurity threat, with the following key statistics:

Phishing is involved in 36% of all breaches, maintaining its position as one of the most common attack vectors.

Social engineering (which includes phishing, pretexting, and other deceptive tactics) is responsible for 74% of breaches when combined with other attack types. Credential stuffing and phishing are also significant contributors, with phishing being a leading method for attackers to gain initial access to victim networks.

Email remains the top delivery method for phishing, underlining the need for organizations to be vigilant about phishing emails and implement strong email security measures.

These numbers indicate that while phishing is not new, it remains a persistent and critical threat, especially in the context of breaches and data compromise.

But knowing that phishing emails are out there and dangerous is not enough. It’s essential to be able to recognize one. Take a look.

Urgent message: An urgent phishing email is designed to get you to act fast. It might tell you that your account was hacked or will be deactivated — click here to restore it! Unfortunately, urgent phishing messages are common because they work. Fear makes people do things without thinking, so slow down!

Login or password message: Another type of phishing email asks you to verify your account by logging into a (fake) webpage or clicking a button to update your credentials. These types of emails can collect your username and password, giving a hacker instant access to your account.

Internal message: Hackers will try to impersonate someone at your company, real or fake. They might impersonate someone in the HR department, IT department, or even a coworker. An internal message phishing email might ask you to click on a link to read and sign a policy document, read a document about a company-wide update, or even try to request sensitive information.

Reward or free gift message: Free things are enticing, but they can also be dangerous. If you get an email saying you won a free TV or “click here to enter a prize drawing,” be on high alert! Hackers are trying to bait you into clicking a malicious link.

Help! I might be getting phished. What should I do?

If you think you have received a phishing email, it’s important to slow down and examine it. First, look at the sender and domain of the email address. Hover over any links to see where they would direct you. Other phishy identifiers might be misspelled words, incorrect dates, or odd requests. If you see anything suspicious, report it to your IT Department.

They can help you figure out if it’s a phishy email. Whatever you do, do not click on any links, reply to the email, or send it to anyone else!

Phishers attack at many levels

Everyone is at risk of phishing, no matter where they are in the food chain. Phishers specifically target CEOs and high-level executives with special phishing attacks intended to entice or fool them. These are known as whaling attacks.