It’s the oldest trick in the book, originating at the same time AOL became popular. A professional, urgently worded email about a bank account balance drops into an inbox. It’s overdrawn! Here’s a list of recent purchases. Don’t recognize these charges? Follow the link to log in and review the purchase history. Here’s a phone number to the fraud department just in case. The email closes with a friendly reminder about overdraft charges and interest rates. A link is clicked, a site logged into – a few days later, the real bank account is overdrawn. Congratulations, that was a phishing attack and it worked.
It happens to almost everyone, and not just private individuals. In 2019, one in 99 work emails was a phishing attack. Employees received, on average, four to five of them each week.
Business owners and office workers have enough to worry about without their own emails becoming a minefield. Here’s the latest on phishing, how it’s evolved and what companies can do to stop these attacks.
Old Trick, New Tactics: A Case Study in Creativity
Phishing is a targeted social engineering hack that uses deception to trick unsuspecting users into handing over credentials or other sensitive information. It’s one of the oldest tricks, but one which Gartner identifies as the number one threat to businesses worldwide.
Phishing attacks are dangerous precisely because they bet that the email will seem to come from a familiar source. The recipient might expect to receive very similar communications, and thus not look closely at the email itself. While most people won’t be fooled by emails from a Nigerian prince or wealthy foreign heiress, it’s much easier to dupe users into handing over their PayPal information, Salesforce login, or even business bank account credentials.
With cloud services becoming a more prominent feature of modern business, users are constantly logging into platforms and receiving email communications. According to Gartner, this is causing the prevalence of phishing attacks to not only grow but also achieve new levels of sophistication and creativity. Data ranks among a company’s most valuable commodities, and so hackers have evolved their tactics considerably to stay a step ahead of their increasingly digitally savvy targets.
What Phishing Attempts Look Like Today
Think email is the only vector through which phishing attacks are sent? Think again. According to Cisco, email is the most common vector for phishing attacks, but it’s not the only one. It’s now possible to find phishing attacks that occur via social media, instant messaging, texts, and even phone calls.
In an email, however, phishing can take several forms. Some of the newest tactics include:
● Embedded phishing attacks. A user receives an email from what appears to be a coworker with a Word attachment. Upon opening it, however, the user discovers that the attachment “requires administrative privileges” to open and is prompted to re-enter his or her Windows login information.
● Business email compromise attacks. A user receives an email from what appears to be his or her boss with instructions to make a purchase or transfer money to an account.
● Digital extortion schemes. In this attack, the hacker doesn’t even try to hide. The hacker claims to have compromising material on the recipient and threatens to send it to the recipient’s contacts unless the recipient pays. Of course, the hacker has no such access, but they’ll do their best to scare recipients into sending them money using a helpfully provided link to PayPal.
Those are only a few of the more creative phishing attempts, but they illustrate just how far hackers will go to get their hands on a company’s sensitive information. Staying safe online is harder than ever.
How Managed IT Services Can Help
Staying on top of all the cybersecurity threats targeting businesses is a full-time job, one which an internal IT department might not have adequate time to pursue. That’s why managed IT services can be a valuable investment. A dedicated specialist can help a company sidestep even the most ingenious of attacks. This might include:
● Enhanced email server security. Get the right configurations and security features the company needs to keep its internal communications safe.
● Automated network monitoring. Spot unauthorized access or unusual account behavior no matter when or where it happens.
● Breach mitigation and disaster recovery. Attain the ability to respond rapidly to worst-case scenarios and get a business back on its feet as quickly as possible.
● Optimized antivirus and malware protection. Spot and quarantine malicious attachments before they have the chance to cause harm.
● Email security best practices. Get employees up to speed with email safety and phishing prevention.
DSI Helps Companies Stay Safe
Even though it’s the oldest trick in the book, phishing remains big business. Both Cisco and Gartner estimate that the number of attacks against businesses will continue to grow. As companies use more and more digital tools, there are more opportunities to trick employees into handing over sensitive information. Stay a step ahead of cybercriminals with best-in-class security. With managed IT security, a company can enjoy optimized operations without the threat of a minefield in the inbox.
DSI is a premier managed service provider for companies in New Mexico. Contact us today to get started.