5 myths about phishing attacks you shouldn’t believe

There’s a lot of information out there about phishing attacks – and plenty of misinformation, too. Believing the wrong thing about these attacks could end up costing you big time.

Here are 5 myths that should be dispelled right away. 

1. It’s a trap for non-tech-savvy users

Some people believe older, less tech-savvy employees are the only ones who fall for phishing attacks. But that’s not the case.

Phishers are getting better and better at their craft, to the point where even those who know a thing or two about security are prone to making huge and costly mistakes. Even IT departments can be targets of attack.

2. They go after low-hanging fruit

Time was, phishers would target someone – anyone – in an organization to gain a foothold in its systems: administrative assistants, low-level employees, etc.

But these days, the attacks are getting more and more pointed. Some employees are at an especially high risk of attack. For example:

  • Payroll and HR. With employees’ tax information (which can be used for return fraud) and a treasure trove of Social Security numbers and other sensitive info, it’s no wonder these users are among the most frequently targeted.
  • Accounts payable. If you’re looking for cash, these are the people you’d want to fool the most.
  • Systems admins. If you have administrative credentials, the world is your oyster. That makes high-level IT pros a difficult but attractive target.
  • The C-level. These are the people who generally have the most access to the most data. No surprise they’re the big target.

3. Spam filters catch most of it

Automated security solutions are fine. You should definitely have them.

But if you’re thinking they’ll protect you against the best phishing attempts, they won’t. These aren’t email blasts that go out to thousands of recipients; they’re messages crafted to hit one person and one person only.

Many domains and phrases will be weeded out by the filters. But you can be sure that many others won’t.

4. They all want the same things

Phishers aren’t always after passwords, or information, or even money. Some may be interested in multiple things. Some may not even know what they want, and will decide once they have access to your systems.

The reasons for an attack are as varied as the methods phishers use. So your defenses need to be robust.

Train every user on the kinds of things attackers may be after, so they don’t stay silent about a potential attack on the assumption that it’s not important.

5. You’re not a target

Chances are you’ve already been targeted. And if not, you soon will be.

Prepare as if the message is coming tomorrow. Train your users today.