Cybercriminals have access to more advanced methods of attack than ever before, and now cybercrime is skyrocketing.
According to Industry Week, “over the course of 2018 the U.S. experienced a 350% increase in ransomware attacks, an increase of 250% in spoofing or business email compromise attacks and a 70% increase in spear phishing attacks.”
Phishing attacks today are sophisticated and capable of compromising businesses. Businesses, particularly small businesses, can’t afford to fall victim to cyberattacks. The average cost of data breaches in the U.S. rose from $4.9 million in 2017 to $7.9 million in 2018. This makes data breaches in the U.S. more costly for businesses than anywhere else on the globe.
What Is Phishing?
According to Phishing.org, phishing occurs when a cybercriminal contacts a target via email, phone or text message while acting as a legitimate institution. One example is a cybercriminal contacting a business and posing as a vendor interested in selling something. A cybercriminal may also act like a potential client interested in buying a product or service. In rare instances, cybercriminals even pose as higher-ups in the company.
The target is then lured into releasing personally identifiable information to the cybercriminal. Credit card details, passwords or bank account information all fall into this category. Finally, the cybercriminal uses this information to enact financial fraud or identity theft.
The Evolution Of Phishing
In the infancy of cybercrime, phishing attempts were notoriously easy to identify. They often contained poor grammar and were easily identifiable as illegitimate.
Today, cybercriminals are more deceptive about how they conduct phishing attacks. As a result, phishing attacks are harder to identify than ever before.
Here are some tell-tale signs of a phishing attack in 2019:
- Beware of sketchy mobile messages. According to Pew research, 95% of Americans now own a mobile device of some kind, and 77% now own a smartphone. The ubiquity of mobile devices makes them a prime target for cybercriminals. If you receive a mobile message from a friend that’s short, impersonal and contains a link, avoid clicking on it.
- Monitor your Software as a Service (SaaS) programs, such as Office 365 and G Suit. SaaS has actually overtaken financial institutions as the top target of phishing attacks. Going through SaaS channels is one of the most popular ways for phishers to attack businesses. Beware of suspiciously worded password recovery attempts from companies such as Microsoft or Google. They may link to a spoofed webpage designed to steal your information.
- Address Business Email Compromise (BEC) attacks, which can occur when a phisher emails an employee an authentic looking email. The employee then opens up a dialogue with the cybercriminal and coaxes the employee into revealing private information. Beware of requests from higher-ups asking for personal information or items such as gift cards.
Protect Your Business From Phishing Attacks
Here are some important things your business can do to protect itself from phishing attacks:
- Require that employees use a password manager. This ensures that they never forget passwords. In turn, businesses can avoid phishing attacks that double as password or account recovery requests.
- Use multiple channels, such as a business email or a CMS like Hubspot and Slack to share information. If a manager asks for a document, require it to be sent via Slack and not email. This allows your business to circumvent BEC phishing attacks.
- Use multi-factor authentication (i.e. a code sent via SMS in addition to a password) when logging into a company SaaS or even just company computers. This makes it significantly harder for cybercriminals to gain access to company email or messaging systems.
- Train employees on what phishing attacks look like and how they can recognize different types of phishing attempts. Train them to know what a phishing attempt sent with a messaging app looks like and how that differs from a BEC phishing attack.
Internet Contrasts has been designing, installing and maintaining secure computer networks in businesses for more than 16 years. To learn more about protecting your business from phishing attacks, visit Internet Contrasts’ website.