Phishing attacks are so tricky that they can fool even those who are in the know. In fact, tech-savvy individuals who use the dark web fell victim themselves to a bitcoin phishing scam that was released on the dark web last October.
Deploying a phishing scam against those on the dark web is a brazen move for hackers; the majority of cybercriminals keep their focus on personal and professional emails. According to the 2017 Trustwave Global Security Report, these attacks are a top factor contributing to compromised networks, and this percentage more than doubled from 2015 to 2016. Phishing scams can mean major losses for businesses: the Ponemon Institute reported that companies averaging 1,000 or more employees could lose up to $3.77 million a year as a result of an attack. These scams are not confined to any specific industry, so attackers can make anyone a target.
The first step in protection is getting the most effective solution for your network to make sure that the front line of defense for phishing scams is in place. Putting a powerful solution in place will go a long way in ensuring your business and your employees do not fall victim to an attack. However, it's extremely important to also educate your employees on warning signs to look out for, as phishing scams require user interaction to be deployed. Taking a deeper look at what cybercriminals do with your data can help deepen that education as well, making your defense even stronger.
Why Cybercriminals Want Your Email
Your email may not seem like the most lucrative place for hackers to spend their time breaking into, but they've managed to find endless opportunities to pull in high amounts of revenue from it. One particularly lucrative tactic for hackers is to sell bulk amounts of stolen email addresses to spammers. Once the addresses are in their hands, the cybercriminals can send out phishing campaigns to them. Moreover, if your email account has been compromised, hackers can then attempt to act as the victim by going on to popular ecommerce sites and using “Forgot My Password” to gain access to as many accounts as possible that are connected to the address. It's important to know that a hacked email can be circulated and used for multiple purposes, so if there is any indication that yours has been compromised, it is vital you change the password right away to prevent further use of it.
Scary Phishing Scams to Look Out for
Mass Phishing: The most common type of phishing scam entails hackers imitating email formats and templates of major banks, e-commerce sites, or even universities. One example of a mass phishing scam is when users are notified that their account is on hold and they'll need to provide a certain amount of personal information or credentials to release the account again. Embedded hyperlinks are also common, because an embedded link makes it much more difficult to see the full URL and confirm it is correct. With this tactic, cybercriminals are hoping to gain a target's credentials so they can access the target's accounts, including banks and ecommerce sites.
Spear Phishing: These campaigns are much more direct and customized than mass phishing. Attackers will lure specific users into trusting the faux sender by providing personal information in the email, such as mobile or direct phone numbers and specific jargon, and, if they are impersonating someone, by mimicking that person's online behavior as much as possible. Spear phishing attacks are typically much more targeted, and hackers take advantage of any information they have on third parties a company works with, as impersonating these business partners is an easy way to gain trust with the target. Users will then be asked to send sensitive data about themselves or an organization to this “trusted” contact, who goes on to exploit it. Some spear phishing emails also try to seed malware on the target network, and when this is done the malware is usually developed specifically for that attack.
Tips to Train Employees to Spot Phishing Emails
Phishing scams have been successful for so long because they purposely exploit human error. The most basic way to combat this vulnerability is to continuously educate yourself and your organization through regular security awareness trainings, keeping these attacks top-of-mind. These trainings can remind everyone that trusting every embedded link and suspicious-looking pop-up window can lead to bigger issues for all devices connected to your network.
As more companies are going through digital transformations and adopting cloud-based technologies, they are facing an added level of difficulty with protection. Cloud services have made it easier for hackers to access data from anywhere, giving criminals even more opportunity for success. Protect all employees and users on your network from being scammed through phishing attacks by setting up a solution that meets your organization's security needs and protects vulnerabilities on your network. With the right security solution protecting your network you can rely on it to inspect incoming emails, continuously monitor for malicious or suspicious sites, or even catch any malware sent as attachments or in links as it comes through.
By taking the above steps and educating your organization, you can help ensure your company is one step further away from contributing to the income of cyber criminals through these malicious scams each year.