According to a recent report, 90% of all data breaches can be traced back to phishing attacks. Despite how common they are, however, few businesses know how to effectively protect themselves from this damaging cybercrime.

With the average cost of a successful phishing attack now costing a medium sized business $1.6million, it’s vital that you know how to identify a phishing scam and educate your employees about the risks they pose.

What is a phishing scam?

Phishing is a type of cybercrime in which an individual is contacted by someone who has adopted the guise of a respected institution, organization or individual in order to lure the target into giving confidential information – including passwords, banking details and personally identifiable information – to the hackers.

This information will then be used to access the accounts of the target, often leading to significant financial loss. When targeting businesses, phishing scams can also lead to the loss of sensitive company information, such as revenue figures.

Phishing scams were traditionally only carried out via email. However, in recent years there has been a significant rise in the number of phishing scams being carried out via text message (smishing) and phone calls (vishing).

Additionally, the occurrence of spear phishing – personalized phishing attacks which deliberately target a select target – has risen dramatically.

From messages ostensibly from your bank asking you to update your account information, to those supposedly from your employer asking you to a sign an important document, the prompts used in phishing attacks are both varied and often difficult to identify.