What is Phishing?
Phishing refers to any fraudulent use of communication systems, including email, websites, messaging systems, and phone calls. A phishing attack is any attempt to obtain sensitive information, account access, or money by posing as a reputable source. There are many different types of phishing attacks, such as spear phishing, clone phishing, web-based delivery, link manipulation, voice phishing, and SMS phishing. All phishing attacks have a common underlying theme: they use social engineering and exploit vulnerabilities in technology security to gain information, access, or money from their victims.
It is likely that the name originated from the use of some type of “bait” to trick victims into giving access to their information, although it is also possible that it arose from the symbol (<><) used by early phishers to avoid detection from AOL enforcement. The alternate spelling is likely related to the term “phreaking,” which refers to an earlier practice of hacking into phone systems to place calls for free.
Victims in phishing attacks include customers and employees of a targeted business. As a result, the damage is usually more extensive than a simple monetary value. When a business is targeted in a phishing attack, the employees often look foolish, and the customers often feel violated. Blame for a successful phishing attack often is placed on the business that was phished, despite the fact that they did not send the malicious spoofed email. Phishing erodes trust in the business and damages the business’s brand.
Although it may seem unfair to blame the company for the actions of unscrupulous individuals, there are protocols that, when utilized correctly, can block spoofed emails. It is the responsibility of the company to protect its customers from fraudulent emails. The domain owner is the only one with the power to block these attacks. When businesses don’t secure their email using DMARC, SPF, and DKIM, they are putting their customers’ information and brand reputation on the line.
If phishing attacks are so damaging, and it’s already possible for companies to block spoofed emails, why are most domains unprotected? Even though there are solutions available, implementing email authentication protocols correctly can be difficult. Incorrect implementation is ineffective at best and highly disruptive to a company’s legitimate email flow at worst. Fraudmarc offers a solution to the challenges of email authentication. We provide several options to help businesses navigate their email policies and correctly configure them to secure their domain. Simply put: legitimate emails make it to your customers’ inboxes, and spoofed emails get blocked.