Phishing has grown into a sophisticated form of cyber crime, and email has become the weakest link. By being disguised as an important message or trusted individual, these cyber attackers are able to steal private data or cause viruses that convince victims to provide them money. One in every 99 emails is a phishing attack, and in a five day work week this amounts to 4.8 phishing emails per employee. With their mimicking of reliable companies such as Microsoft, Netflix, Facebook, and more, businesses could be receiving attacks everyday and not know it. Phishing emails can look authentic and those who are unaware of the frequency of these scams can easily fall victim, but is there anything that can be done about it?
From 2016 to 2017, online phishing attacks increased by 65%. Prior to that, cyber attacks had already been costing businesses five billion dollars worldwide. The way that phishing works is attackers are sending emails or other communications, manipulating the receiver into opening a malicious file or clicking a link. Once that file is opened or that link is clicked, malware is automatically downloaded to their device. A receiver could also be taken to a false website that collects login credentials resulting in compromising information. More than 2 in 3 phishing attempts used a tricky link and over half contain malware. This results in the aforementioned compromised personal information and can cause people to participate in false bank transfers or fake invoices. The attacker takes a quick two minutes, on average, after the email reaches the inbox to gain prolonged access to the system.
While half of phishing attacks use malware, hidden links that bypass standard scans and trigger a file to download, there are a couple other ways to which an attack can be categorized. The second most common cyber attack at 41% is credential harvesting. Just as it sounds, this is when a phisher lures victims to reveal personal information. Another category of phishing is extortion, the act of targeting victims by asking for money in exchange for keeping secrets.
Spear phishing holds the potential to cost the most at $7.2 million. Spear phishing targets high level employees and influences them to complete a manual task. The email the attackers send do not contain their regular scheming links or attachments, making it a difficult scam to detect. People continuously fall for the fake content that targets them as consumers, especially if the email is not filtered out of their inbox through default security.
The most successful phishing attacks are when the receivers are targeted directly. This can be through people’s social habits, safety habits, retail habits, or office communications. Hackers prey on the trust of others, which is why they often disguise themselves as trusted brands like Microsoft, Amazon, and multiple finance companies. Out of the twenty-five branded emails you receive in your inbox, at least one of those is a phishing email.
Another tactic used by scammers when targeting their victim is playing on feelings of fear and urgency. If you haven’t been doing things that warrant a “complaint filed” or “grievance filed” then it’s more than likely a phishing email. That being said, many legitimate emails from your trusted brands may contain signs of phishing, making the detection of scams that much more difficult.
Phishing can be intimidating, especially without prior knowledge or an email security platform. Luckily, there are tools that can help catch attacks before they reach the inbox. Whether it be intelligent scanning, full-suite protection, or layered security, secure email is the key to a secure business. Learn more about how email has become a weak link in cybercrime with the infographic below.
Featured illustration: Freepik / Surfink
Read next: Office 365 Security Unable to Detect a Large Number of Phishing Emails, Says Report
From 2016 to 2017, online phishing attacks increased by 65%. Prior to that, cyber attacks had already been costing businesses five billion dollars worldwide. The way that phishing works is attackers are sending emails or other communications, manipulating the receiver into opening a malicious file or clicking a link. Once that file is opened or that link is clicked, malware is automatically downloaded to their device. A receiver could also be taken to a false website that collects login credentials resulting in compromising information. More than 2 in 3 phishing attempts used a tricky link and over half contain malware. This results in the aforementioned compromised personal information and can cause people to participate in false bank transfers or fake invoices. The attacker takes a quick two minutes, on average, after the email reaches the inbox to gain prolonged access to the system.
While half of phishing attacks use malware, hidden links that bypass standard scans and trigger a file to download, there are a couple other ways to which an attack can be categorized. The second most common cyber attack at 41% is credential harvesting. Just as it sounds, this is when a phisher lures victims to reveal personal information. Another category of phishing is extortion, the act of targeting victims by asking for money in exchange for keeping secrets.
Spear phishing holds the potential to cost the most at $7.2 million. Spear phishing targets high level employees and influences them to complete a manual task. The email the attackers send do not contain their regular scheming links or attachments, making it a difficult scam to detect. People continuously fall for the fake content that targets them as consumers, especially if the email is not filtered out of their inbox through default security.
The most successful phishing attacks are when the receivers are targeted directly. This can be through people’s social habits, safety habits, retail habits, or office communications. Hackers prey on the trust of others, which is why they often disguise themselves as trusted brands like Microsoft, Amazon, and multiple finance companies. Out of the twenty-five branded emails you receive in your inbox, at least one of those is a phishing email.
Another tactic used by scammers when targeting their victim is playing on feelings of fear and urgency. If you haven’t been doing things that warrant a “complaint filed” or “grievance filed” then it’s more than likely a phishing email. That being said, many legitimate emails from your trusted brands may contain signs of phishing, making the detection of scams that much more difficult.
Phishing can be intimidating, especially without prior knowledge or an email security platform. Luckily, there are tools that can help catch attacks before they reach the inbox. Whether it be intelligent scanning, full-suite protection, or layered security, secure email is the key to a secure business. Learn more about how email has become a weak link in cybercrime with the infographic below.
Featured illustration: Freepik / Surfink
Read next: Office 365 Security Unable to Detect a Large Number of Phishing Emails, Says Report