
How to stay safe in a world where phishing is more sophisticated than ever

How To Avoid Falling Victim To A Phishing Attack Online

Today’s phishing attacks are more sophisticated than ever. With cybercriminals easily able to spoof emails and websites, even usually astute employees can be fooled and fall victim to an attack. Given the cost of the average attack to a company, that’s pretty scary. That said, there are proactive steps everyone can take to improve their online safety.

And it’s important that everyone takes those steps because phishing is still behind the majority of cyber attacks today…


The 2018 Trustwave Global Security Report (quoted here) shows that phishing was the leading cause of attack (55%) in corporate network environments, followed by malicious insiders (13%) and remote access (9%).

That’s understandable. While some forms of cyber attack require sophisticated levels of coding, phishing leaves most of the work to the victim. As long as the bait is convincing enough, phishers can gain instant access to the victim’s corporate passwords or customer records, causing untold damage along the way.

It can also take a long time for it to become apparent that a phishing attack has taken place. In fact, some companies take up to five months to realize they’ve been attacked.

The cost of phishing

When organizations fall victim to these attacks, it can cost them millions of dollars. In the US alone, FBI statistics indicate that phishing attacks cost American businesses at least US$500 000 000 a year.

An evolving threat

Phishing remains so prevalent due to its continuing evolution. Cyber criminals are constantly improving their methods, making it difficult for ordinary people to keep up.

Email addresses and website URLs, for example, were once easy ways to spot that someone was attempting to phish you. But, they can now be convincingly spoofed, as can the look and feel of those emails and websites.

The cyber criminals behind these attacks move increasingly quickly too. If a bank changes its logo and branding, you can guarantee that within days, there’ll be spoof emails with the updated branding in people’s inboxes.

Nothing about these emails will appear out of the ordinary. A phishing attempt will look and feel like any other email from that bank. If anyone fell victim to it, you wouldn’t blame them.

And that’s part of the reason why phishing remains such a threat. As much work as cyber security companies, email service providers, and corporate security teams put into combating cyber attacks, people remain the weak point.

Staying safe

Fortunately, there are things that employees and organizations can do to minimize their chances of falling victim to a phishing attack.

Users, for example, should look at what kind of attachment an email contains. If the attachment includes a file with the extension .html, .exe, or .bat, they should not open it, under any circumstances.
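The same attachment rule can be enforced automatically before a message reaches the user. The sketch below is an added example, not part of the original article: it parses a message with Python's standard `email` package and flags attachments whose final extension is one of the three named above, including double extensions, mixed case and a trailing dot. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the article says should never be opened.
BLOCKED = {".html", ".exe", ".bat"}


def risky_attachments(raw: bytes) -> list[str]:
    """Return the filenames of parts whose final extension is blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and containers carry no filename
        # Windows ignores trailing dots and spaces in file names, so strip
        # them before reading the extension, and compare case-insensitively.
        cleaned = name.replace("\\", "/").rstrip(". ").lower()
        # Only the last suffix decides how the file is opened, so
        # "invoice.pdf.exe" is treated as ".exe", not ".pdf".
        if PurePosixPath(cleaned).suffix in BLOCKED:
            flagged.append(name)
    return flagged


def build_sample() -> bytes:
    """Constructed sample message with one harmless and three risky files."""
    m = EmailMessage()
    m["From"] = "billing@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Your invoice"
    m.set_content("Please see the attached invoice.")
    for fn in ("invoice.pdf", "invoice.pdf.EXE", "login.html", "update.bat."):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()


if __name__ == "__main__":
    for fn in risky_attachments(build_sample()):
        print("blocked attachment:", fn)
```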

Meanwhile, from a business perspective, education remains critical. Organizations can play a massive role in informing employees and customers about the latest phishing tactics used by cyber-criminals. Equally important, however, is that these organizations should warn employees and customers when not to respond to a request in an email.


A study by KnowBe4 found a “radical drop of careless clicking to just 13 percent 90 days after initial training and simulated phishing and a steeper drop to two percent after 12 months of combined phishing and computer based training (CBT).”

It’s vital that these education initiatives are ongoing and that they’re executed across multiple communication channels. More importantly, this messaging should be simple and easy to remember, so that it sticks in people’s minds.

Fighting off increasingly sophisticated phishing attacks may seem daunting, but with the right business practices and security awareness programs, it’s entirely possible.


Grant Shortridge

Technical Account Director, UK

Grant has over 15 years of experience in the IT and telecommunications industry. Before joining Striata, Grant worked for one of South Africa's largest mobile network operators. He started as a Project Manager at Striata in 2005. Grant has an in-depth business and technical understanding, having consulted to a variety of blue chip customers on the implementation, return on investment and enhancements of their Striata electronic messaging solution.

As Technical Account Director, Grant is responsible for a team of resources that cover sales, account management, projects, operations, development and testing. Grant holds a National Diploma in Information Technology as well as a National Diploma in Horticulture (both from Cape Town University of Technology).
