According to the U.S. Cybersecurity & Infrastructure Security Agency (CISA – cisa.gov), “more than 90% of successful cyber-attacks start with a phishing email. A phishing scheme is when a link or webpage looks legitimate, but it’s a trick designed by bad actors to have you reveal your passwords, social security number, credit card numbers, or other sensitive information. Once they have that information, they can use it on legitimate sites. And they may try to get you to run malicious software, also known as malware. If it’s a link you don’t recognize, trust your instincts, and think before you click.”

Phishing attacks use email or malicious websites to infect a computer with malware and viruses, which are used to obtain personal and financial information. The cybercriminals’ goal is for users to click on a link or open an attachment that infects their computers. Phishing emails may seem like they come from a real financial institution, website, government agency, or even a law firm. When users respond with the information requested (which could be an account number or a Social Security number) or click on a link, the criminals use the information to gain access to the accounts.

CISA has published an excellent infographic with practical information on how you and your firm can prevent a phishing attack.

At the Law Offices of Daniel J. Siegel, LLC and Integrated Technology Services, LLC, we regularly educate and advise our clients about dangers of phishing attacks and also offer training so that employees recognize the cybercriminals’ efforts and thwart them.