Falling prey to clever criminals tricking employees into handing over sensitive corporate data? If not, a company should consider itself lucky. The average employee receives four to five phishing emails per week.
Phishing falls into the category of social engineering cyberattacks, which Accenture has identified as one of the most common types of attacks in 2019. Indeed, other studies show that some 41 percent of all cyberattacks this and last year were credential harvesting campaigns—carefully crafted emails and websites designed to fool users into handing over their information to hackers.
As the business world leans more heavily into the digital environment, and data becomes increasingly valuable—and vital—to operations, cyberattacks are only going to grow. Phishing is the oldest trick in the book, and still one of the best. It works, and cyber criminals show no limits in their creativity. Here’s how to defeat this threat in 2020.
Old Tricks, New Tactics
Email phishing has been around for a quarter of a century, with the first attacks targeting AOL logins around 1995. These emails were sent to AOL email addresses harvested from the internet and convinced users to log in to their AOL account via a helpfully provided link to update their personal information.
These days, most savvy web users would recognize such an email for what it is and discard it outright. To counter this, cybercriminals have stayed a step ahead of the game. Phishing now routinely deploys such tactics as:
- Spear phishing and credential harvesting. Emails from trusted, but compromised, senders from which the employee might be expecting communications are known as spear-phishing attempts. They’re targeted, personalized, and hard to spot.
- Business email compromise attacks. Criminals with knowledge of the company may send emails masquerading as a C-suite or high-level executive to trick employees into carrying out business functions fraudulently.
- File phishing. Some phishing attempts send along a “password-protected” file attachment.
- Digital extortion. This is a phishing attack where a hacker claims to have accessed a user's contacts or data and threatens to send those contacts compromising materials related to the user unless a ransom is paid.
- Receipt and invoice phishing. Some users may receive fake receipts or invoices for purchases they didn’t make, then be directed to a login site when they go to investigate.
- Advance fee phishing. A spin on the classic “Nigerian Prince” scam, some advance fee phishing attacks will come from compromised contacts from whom the employee might genuinely receive a payment.
Phishing now rarely looks like a counterfeit email full of spelling mistakes and amateur graphics. Data is big business, and hackers have adopted the professionalism to match.
What Makes Phishing Emails So Lucrative… and Dangerous?
Phishing attacks are dangerous for two primary reasons. First, they’re rarely random. Instead, they take the form of counterfeit communications that are familiar to employees and which they might expect to receive. For example, while a phishing email sent to a company email address trying to harvest an eBay login might be suspicious, one for a Salesforce login might be much more believable if the company uses Salesforce to manage its customer data. This suggests that the hacker has some nominal intelligence about who works for the company, what services the company might use, and who is likely to have access to those accounts.
Second, phishing emails bet on employees being overworked, moving quickly, and not paying attention. This is particularly true when employees are checking their work email on their phones. The small screen size and the likely distracting environment work in a phishing email’s favor.
How a Managed IT Service Can Help
Today’s employees are practically bombarded with scam and phishing emails, which makes robust email security a necessity. Learning how to spot a phishing email is simply no longer enough as cybercriminals devise ever cleverer ways to fool users into handing over sensitive information.
A managed IT service can help companies stay a step ahead of these schemes. Whereas each different tactic might be new terrain for a company, there are few tricks that inveterate security professionals haven’t seen before. Likewise, a managed IT service constitutes an extra set of eyes monitoring network traffic to spot unauthorized users before they have a chance to cause harm.
Companies struggling with phishing or other social engineering techniques can get a solid leg up with the guidance of security experts. Managed IT services specialize in security so that companies can continue to specialize in what they do best: their business.
Get Next-Generation Security for Next-Generation Threats with CDS
As 2019 has shown, cybersecurity is big business. Hackers have realized that companies large and small constitute a goldmine for lucrative data, and they’ll go to any lengths to acquire it. As phishing attacks become more sophisticated and harder to spot, it takes a seasoned expert to spot, stop, and prevent them. Fortunately, with an experienced managed IT service supporting a company’s IT department, these threats can be neutralized before they have a chance to occur.
CDS helps companies develop best-in-class security solutions for an array of challenges. Contact us today to learn more.