Help your business avoid becoming a victim of phishing

Phishing. The word is a merging of the words ‘fishing’ and ‘phony’ and was invented in 1996 to describe a technique used by a group of hackers to steal user names and passwords. The cyber criminals were fishing for victims who took the bait.

Every day, our IT systems discard large amounts of unauthorised mail such as spam and phishing. But it has become increasingly difficult to spot the difference between malicious mail and legitimate mail. The fraudsters have become experts at producing authentic-looking emails, and they have learned to customise their mail for specific employees.

In a busy moment, it's easy to be caught off guard and accidentally open such an email without even realising that something is wrong. Opening the email won't do any harm, but you could be in danger the moment you actually click on a malicious link, open an attached file or respond to an email by sending personal details or confidential information.

If you don’t take care and get caught unawares in a phishing trap, the criminals could steal money and confidential information from you, or they could add spyware to your computer in order to “milk” your organisation for confidential information and data. They could steal your passwords and access your other online accounts, or they could install malicious software to blackmail you into paying them large sums.

Phishing email examples

Ransomware is a sophisticated type of phishing technique, where the recipient of the email is encouraged to open an attachment or a link which instantly, but secretly, starts a search of all available drives on the victim’s computer. All documents are then encrypted and locked, so no one can access or use them without a decryption key. Next, the criminals demand payment to hand over the decryption key. This has happened both to individuals and businesses, and can be very costly. The security and risk research company CSO estimated in 2018 that the average ransomware attack costs a company $5 million.

Another dangerous 'genre' of phishing is called CEO fraud. That is when you receive a false email which looks exactly as if it came from the Chief Executive Officer, at a time when this person is travelling or is away on holiday, and which contains a request for an urgent bank transfer.

We have produced a separate cartoon video about each of these targeted types of phishing, so-called ‘spear-phishing’, which have caused huge losses for companies where an employee took the bait.

Phishing is BIG business
Cyber crime is an incredibly lucrative economy. Dr Michael McGuire, a senior lecturer in criminology at the University of Surrey, has estimated that annual profits of $1.5 trillion are generated by taking advantage of data and security settings. “And that is actually a pretty conservative estimate,” Dr McGuire told The Independent.

This is another reason why cyber criminal activities are a threat companies cannot afford to ignore. Grim stats provided by Commsnet Group show that 60 per cent of small to medium-size businesses that get hacked do not recover and cease trading.

Data breach triggered by phishing email
The trouble with the nasty phishers is that it is difficult to build technical systems that completely protect against phishing, because it is the employee – the human factor – who is often the weakest link in a company’s protection shield against cyber attacks.

70 per cent of data breaches are down to human error, and what's worse: 90 per cent of employees don't follow their company's cyber security policies, according to research by Commsnet Group.

In short, there is no way around it: every one of us must be vigilant and alert when we work with emails.