According to a 2021 Cisco report, most successful data breaches – more than 90 per cent – are the result of data phishing.
Using information gathered via a range of techniques, scammers, hackers and ransomware groups steal from individuals, perpetrate scams on groups of people and penetrate otherwise-secure company systems using captured credentials.
The exposure to such risks increases dramatically in an age of work from home or work from where you are, when remote connections to company networks can be an additional vulnerability.
It's important to understand first that phishing is not one thing.
The term describes a range of techniques that all involve a successful masquerade by a bad actor as a way to earn trust from an unwitting victim.
The only effective solution to this pervasive problem is to educate computer users, an undertaking that has to be continuous because of the changing nature of these scams. But it's the only way to encourage safe use of the internet and to close potential gaps in any business networks that they use to get their work done.
These scams are designed differently for individual home users and for business users and the goals are sometimes different.
Home users are usually targeted with schemes that try either to gather personally identifiable information (PII) to access bank accounts or to create an invented situation in which the target sends money to the scammer.
Business users are usually targeted with schemes that encourage them to send the scammer PII such as log-in credentials or other information that will make possible a front-door penetration of the company's computer systems.
Phishing takes advantage of the minimal investment and wide digital distribution systems of the internet to prey on a large group of potential targets.
Image caption: cPanel scams target owners of internet domains who might be confused about how these systems work.
But phishing attempts that are too general drift into more obvious absurdities.
The most effective falsified communications target users with messages that are personalised and persuasively written, that appear genuine by using familiar graphics and design cues, and that request an action that appears sensible, if somewhat dramatic.
When the work is done carefully to achieve a professional finish and a tempting lure for social engineering, these messages can fool even the digitally paranoid.
There are some hard lines every computer user needs to draw.
Do not submit PII to anyone, anywhere, unless you have initiated the contact and are absolutely clear that you are speaking with/logged into/e-mailing/form-filling in an environment you are certain is secure.
If someone calls you asking for PII and claiming to represent a company, ask for a name and promise to call back. Then call the listed number of the business or organisation.
Do not click on links requesting contact or updated information, offering incredible deals or demanding an urgent response to an emergency situation.
Take