What is Phishing?
Phishing is a type of social engineering attack often used to steal user data. These attacks can have devastating impacts on individuals and organizations. Specific anti-phishing training can raise awareness and help prevent successful attacks.
Phishing is a Problem
According to the Anti-Phishing Working Group’s (APWG) Phishing Activity Trends Reports, phishing attacks are a huge and growing threat, and even doubled in 2020.
- 32% of breaches involved phishing (PhishingBox)
- 64% of organizations have experienced phishing attacks (PhishingBox)
Organizations see phishing as a security threat. Their users’ credentials can be used to access protected information, or malware may be uploaded to take control of data or systems.
What can we do?
Phishing won’t stop on its own. Malicious individuals and organizations will continue to use phishing mechanisms to try and gain access to information.
What we can do is to make sure that every individual is aware of phishing and is trained to recognize phishing attempts. Anti-phishing training helps individuals increase their awareness about phishing and think about what such attempts may look like. It can help individuals avoid “clicking” which would prevent the attack from starting. If the initial victim does not “click,” the phishing attack stops. The data breach would not occur, nor would there be any upload of malware. If there are enough unsuccessful attempts, the hope is that phishing attacks may cease because they would not be successful nor profitable for the attackers.
CITI Program Anti-Phishing Training
We added a new module entitled Anti-Phishing: Strategies to Identify and Combat Phishing to our Information Security course. This course covers basic information security topics and best practices, including for protecting your computer and devices, picking a password, safer emailing and messaging, safer social networking, safer web browsing, and security for remote workers and workplaces. Our new module on phishing adds to this course with anti-phishing awareness and strategies.