Phishing is a popular tool used by cyber terrorists to infiltrate corporate IT networks. Because phishing attacks come in the form of an email message to an internal user in your company, they can rock your world with just one mouse click. Some of the most notorious cyberbreach incidents in the world were instigated by a phishing email. Here’s what to watch for and how to keep your organization safer in 2019.
Understanding the risk — what is phishing?
Phishing is a type of cyberattack that can take the form of an email message from a bank, credit card company, or other trusted vendor. It is one of the most insidious forms of network infiltration devised by hackers to wreak havoc on corporate IT structures.
The goal of the phishing email is to steal user data, which could include logins to sensitive systems within your corporate infrastructure, credit card information, social security details, or anything else that a hacker could use to their advantage. The phishing email is designed to trick the end user into clicking on a link that, while looking legitimate, is a type of Trojan horse that opens malicious software (malware) behind the scenes.
Ransomware is one of the most widespread malware programs that can launch from a phishing email. Ransomware encrypts all of the data in a closed network environment, placing a ransom note on computer terminals that says the files will unlock when a fee, usually in bitcoin, is paid.
Ransomware caused 39% of all the cyberbreaches last year — double the number from the previous year. And 87% of these attacks compromised corporate data within minutes.
In the corporate world, phishing emails can be part of an advanced persistent threat (APT), which is a coordinated effort by hackers to bypass corporate security and gain access to your network. The end result can be severe financial losses and reputational damage.
The next phase of phishing
Cybercrime will cost $2 trillion in 2019. More sophisticated spear-phishing scams, aimed at specific individuals or companies, will target corporate passwords and seek to capture corporate data. Mobile fraud will increase, including mobile ad fraud called SDK spoofing. Phishing scams will incorporate:
- Dear customer attacks, which use a generic greeting to kick off a fake email.
- Brand name attacks, which use the company name — and sometimes the company logo — to fool you into thinking they’re the real deal.
- Lottery scams, which play on our desire to win by claiming you’ve won big money.
- Pharming, which redirects the end user to a website that looks legitimate — but isn’t.
- Smishing, which goes after your smartphone data via a text message that appears important.
- Banking scams, including the ACH transfer trick, which says your transaction failed. The end user panics, thinking someone has hacked his or her account. By the time they click the email, someone really has.
- Pop-up scams, which are tied to pop-up graphics that look as if they’re part of the site you’re on. But the bogus pop-up takes you to a fake website where your data can be siphoned.
As hackers learn from their mistakes, phishing will grow more sophisticated and corporate risk will grow. How can you protect yourself?
How to protect your company from phishing attacks in 2019
Creating a culture of cyber awareness and putting the right technology tools in place are two of the most important things you can do to mitigate risk. Specifically, companies should:
- Hold regular security awareness training with mock phishing exercises.
- Deploy spam filters to detect viruses or other anomalies.
- Use a strong anti-virus solution and monitor the tool.
- Deploy a web filter to block fake websites.
- Encrypt emails at rest and in transit.
- Keep internal IT systems up to date on the latest security patches.
- Develop security policies related to passwords.
- Partner with a third-party vendor to conduct regular security assessments.
Phishing scams are getting more sophisticated. It seems that hackers will stop at nothing to steal your information.
SecureNation is standing by to help your company stay safe against cyberterrorism. Contact us today.