Today in the Evolve IT Lab, Lachie and Jason turn their attention to Phishing. Phishing emails come in all shapes and sizes, and unfortunately, no single product will fully protect your organisation from phishing attacks. A multi-layered defence against phishing attacks, combining advanced security technologies and ongoing education, is the best way to protect your organisation.
Lachie: G'day guys and welcome to the Evolve IT Lab. My name is Lachie, and we got Jase back, welcome again, Jase.
Jason: G'day, Lachie. Hello everyone.
Lachie: All right. Today, Jase, we are gonna talk about phishing what it is, how they achieve it, what their goals are I think it's a really interesting topic and something that we certainly get haunted with on the daily basis, cybercriminals and how they manipulate certain data so let's get started why don't you explain what phishing is.
Jason: Okay, so phishing is essentially a social engineering with the aim of stealing sensitive information.
Lachie: Yeah, right. Okay. So, once they get the information, what are their goals?
Jason: Okay, essentially it's about theft, and it's about making money so cybercriminals are motivated by money and they use phishing as a mechanism to make money.
Lachie: Yeah. Okay, cool. So, within those goals are they targeting certain individuals or is it something...
Jason: Yeah, absolutely. They're looking for people in positions of authority or just key decision makers, people who might have access to really sensitive business information.
Lachie: Yeah, okay. Someone that's got a lot of respect in the company perhaps. Okay. So, once they got their goals, how do they achieve those goals?
Jason: Yeah. So, they'll use the internet much the same way that you and I already do. They'll search for a target, and they'll use social media. They'll use information that can find about the company, they'll look for things that can match up, and they'll use that to build a profile on someone with the aim of targeting that person.
Lachie: Yeah, right. And so how do they target the people? Like, what information could you expect that you'd get from one of these cybercriminals in the phishing attack?
Jason: Yeah. So, they'll be looking to try and steal password information, they'll be looking at trying to access perhaps sensitive financial information, and it will often look like it comes from an entity or a business that that person may well know and know really well.
Lachie: Yeah, right. Okay, cool. So, now that we know what their goals are, how they are gonna actually achieve it, how can people protect themselves from a phishing attack?
Jason: Yes, so probably the big thing would be education, just getting an understanding about what phishing is and the mechanisms that cybercriminals use to exploit, you know, the people to try make money out of that information. They'll use social media they'll look at what information is publicly available, and education is probably key there. There are obviously tools like security software, network appliances, all these things play a part, but education is really important.
Lachie: Brilliant. So, once people are educated and everything like that, they should be able to fight back against phishing I guess.
Jason: Yeah, be able to recognise it, see it for what it is, mitigate that threat.
Lachie: Brilliant. I'd recommend everyone done as a web search on themselves just to find out how much information is out there on you, because I was surprised when I did a Google search on myself, yeah.
Jason: I think most people are, and I don't think people realise how much information is publicly available about you.
Lachie: Yeah, great. Okay, well certainly an interesting topic and I'm sure we haven't heard the last of it, but get out there do a Google search on yourself. And hopefully, you got a lot of value out of this video.
Lachie: Thank you. See you next time.
HOW EVOLVE IT CAN HELP?
At Evolve IT, we understand the unique challenges of organisations and have helped a range of business improve their cybersecuirty.