Cybercrime continues to harass organisations and individuals globally. There is no sign of it going away, and as hackers continually find new methods to infiltrate systems, businesses need to be vigilant with their cybersecurity.
A prominent part of the cybercrime vocabulary is phishing, a term coined in the mid-nineties that marked the first rumbling of what would become a major criminal issue.
Even if you know what phishing involves, keeping it at the forefront of your mind with regard to cybersecurity is important, particularly if you run a business. Year after year, phishing attacks grow in sophistication. It’s everyone’s responsibility to be informed about the types of scams out there.
The Industry Essentials series has been designed with MSPs in mind. The content is provided for you to repurpose and reshare as you see fit to help educate your end-user customers.
What is Phishing?
Phishing is a cybercrime that targets individuals or organisations, contacting them by email, telephone, or text message. Contact is made by someone posing as a legitimate institution, with the aim of duping individuals into sharing sensitive data. The data they want to obtain is anything personally identifiable, such as banking and credit card details and passwords. If the information is stolen, it can result in identity theft and financial loss.
The attacks rely on user error. In the past, it may have been easier to spot a phishing attempt. However, cybercriminals are becoming increasingly skilled at making an email or text message look authentic.
As it only takes one person to make a mistake, businesses need to think about how they keep their professional and private data secure.
According to research from Ironscales, since March 2020, 81% of IT managers and directors have seen an increase in email phishing attacks. With the increased activity believed to have stemmed from the adoption of remote working, it’s thought that employees are becoming more complacent about cybersecurity.
Phishing is the overarching term for scams targeted through email, phone, and text message. There are different types of phishing techniques; although they take slightly different approaches, the outcome they aim to achieve is the same.
Blanket phishing is a non-targeted approach. Criminals play a numbers game, sending out a blanket email or message to hundreds of thousands of individuals in the hope that a percentage will make a mistake and share personal information.
Targeted phishing is when the contact already knows some information about an individual. The information could have been collected by several means: legally from public information, or illegally from a previous phishing attack. Receiving an email that contains your name, company, or job title may lead you to think it is a legitimate contact. Statistics tend to show targeted phishing attempts are the most successful.
A targeted phishing attempt on the more senior people in a company, such as the chief executives and CEOs, is called whaling. If an attack on the people at the top succeeds, the information obtained holds much more value. Additionally, individuals in these roles are more likely to be public facing, with contact information freely available on websites and platforms like LinkedIn.
High profile phishing attacks
Most hackers target businesses to capitalise on inefficiencies they find in a network. No business, big or small, is immune to an attack. Cybersecurity breaches are continually hitting the news. There have been some infamous attacks in the past, racking up significant losses for the companies involved.
In 2015, a group of hackers infiltrated Sony’s network using a campaign of spear phishing emails. The emails were targeted at system engineers, admins and other people who accessed the network. The scam is famous for its ingenuity. Simple messages asked employees to verify their Apple IDs due to ‘unauthorised activity’. It apparently went on for a while until the hackers got lucky and gained access to Sony’s Microsoft System Center Configuration Manager. Gaining access to this allowed the hackers to install software on everyone’s devices and flood Sony employees' computers with malware.
This phishing campaign was said to have cost Sony around $83 million. Loss of money, loss of sensitive information and harm to a company’s reputation can cause irreversible damage, particularly if a company continues to suffer security breaches.
How to stay safe
Phishing attempts are common, but there are things everyone can do to try to reduce the risk of falling victim to one of these sophisticated scams. Using anti-spam software is a start. Anti-spam software works by filtering incoming emails, searching for malicious software and stopping it from reaching the inbox if anything is found.
Additionally, businesses must train their staff. All levels of employees in a company need to be trained, including bosses, who, as we’ve already mentioned, can be the more desirable individuals to target. Investing in training from experts like KnowBe4, a world-leading security awareness training and phishing simulations platform, can help you reduce the risk of your business having a security breach.
Stopping cybercriminals is out of your control, but keeping up to date with your business security measures isn’t. Keeping you and your employees informed about how to spot phishing scams is a necessity and could save you from a future security breach.