Phishing is the biggest threat to small organisations, accounting for more than 30%* of data breaches according to Verizon’s 2020 DBIR report.
What is Phishing?
Phishing is a cyberattack that uses a disguised email as a weapon. The aim is to trick the recipient into giving up valuable information. The email often poses as a request from their bank or a message from someone in their company, asking them to click a link or download an attachment.
A recent report* revealed a 600% increase in phishing emails since the end of February 2020, with many cyber criminals cashing in on the uncertainty surrounding the pandemic.
*Barracuda Networks
Phishing attacks occur when a cybercriminal aims to trick victims into revealing sensitive information. This may all start with a fraudulent email, where the cybercriminal pretends to be someone that you know or trust, such as your bank or your employer.
The email can either redirect the victim to spoofed web pages or contain attachments with embedded viruses that will run when the attachment is opened. These are tailored to trick the recipient into handing over valuable information that can either be used to further exploit the company or simply to gain access to their network. They are often presented as a request from an authority figure, such as a bank or someone high up in their company. These attacks are getting more sophisticated too.
What to look out for?
A phishing email often tells a story to trick you into clicking on a link or opening an attachment. Here are some of the key things to look out for:
- Incorrect Domain Addresses
Spoofing the sender address in an email is a common tactic. Check not only who the email is from but also the actual email address. Look for things like misspellings or a sender email address that has the incorrect domain. Hover your mouse over the sender’s email to see the full domain address.
- Impersonal Introductions
Phishing emails are often impersonal and generic, addressing the recipient as “customer” rather than their name.
- Spelling and Grammar
Bad spelling, grammatical errors and an unfamiliar tone can all indicate a phishing email. Watch out for unfamiliar language, incorrect spelling or words used out of context; these can help to identify phishing emails.
- Threats or a Sense of Urgency
Emails that threaten a negative outcome should always be treated with care. A popular tactic is to use a sense of urgency to encourage, or even demand, immediate action to put pressure on the recipient to act on impulse.
- Suspicious Attachments
Be cautious of attachments, and be completely sure of a sender’s identity before opening any attachment. If you are in any doubt, always check with the IT team, as attachments could contain embedded viruses that will hit your network upon opening.
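Several of the checks above (sender domain, impersonal greeting, urgency and attachment type) can be automated as a first-pass filter. The following Python is an added example, not part of the original article; the trusted domain, phrase lists, attachment extensions and similarity threshold are assumptions chosen for illustration.

```python
import difflib
import email
import re
from email.utils import parseaddr
# Assumed allow-list and patterns, for illustration only; use your own.
TRUSTED_DOMAINS = {"examplebank.com"}
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended)\b", re.I)
GENERIC_GREETING = re.compile(r"^\s*dear (customer|user|client)\b", re.I | re.M)
RISKY_EXTENSIONS = (".exe", ".js", ".scr", ".docm", ".xlsm", ".iso")

def imitates_trusted(domain, threshold=0.85):
    """True if domain is not trusted but closely resembles a trusted one."""
    return domain not in TRUSTED_DOMAINS and any(
        difflib.SequenceMatcher(None, domain, good).ratio() >= threshold
        for good in TRUSTED_DOMAINS)

def phishing_indicators(raw_message):
    """Return the warning signs found in one raw email message."""
    msg = email.message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    found = ["lookalike-domain"] if imitates_trusted(domain) else []
    # Display name uses a trusted brand, but the real address is elsewhere.
    brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    squashed = display.lower().replace(" ", "")
    if domain not in TRUSTED_DOMAINS and any(b in squashed for b in brands):
        found.append("display-name-mismatch")
    for part in msg.walk():
        filename = part.get_filename() or ""
        if filename.lower().endswith(RISKY_EXTENSIONS):
            found.append("risky-attachment")
        if part.get_content_type() == "text/plain" and not filename:
            text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            if GENERIC_GREETING.search(text):
                found.append("impersonal-greeting")
            if URGENCY.search(text):
                found.append("urgency")
    return found

# Constructed sample message (not a real email).
SAMPLE = """\
From: Example Bank Support <support@examp1ebank.com>

Dear customer,
Your account will be suspended unless you verify your details immediately.
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

A filter like this only flags messages for a closer look; it does not cover spelling and grammar, and a clean result does not mean an email is safe.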
What are the impacts of Phishing attacks on Small to Medium Businesses?
• First off, 67% of compromised businesses reported a loss in productivity. This accounts for the work it takes to recover data, re-train employees or even just identify where the breaches have come from.
• 50% experienced reputational damage (1 in 3 consumers will stop using a business after a security breach). We supported a local business that was a victim of a phishing attack. As a result they suffered a data loss and legally had to tell customers. This had a huge impact on their reputation, and they lost clients as a result.
• 54% of victims experience data loss & 70% of organisations who experience major data loss go out of business.
How can you protect your organisation from Phishing Attacks?
Multi-Factor Authentication (MFA) – combines a password with another form of authentication to help increase the confidence that the user requesting access is who they claim to be. With MFA, even if a hacker does guess, steal or crack your password, they will not be able to gain access without the second form of authentication, such as a code sent as a Text (SMS) message to your mobile phone, fingerprints or codes generated by apps on a smartphone.
With 93% of successful security breaches starting with a phishing email, and over 90% due to internal vulnerabilities or human error**, passwords are one of our biggest vulnerabilities. Hackers are developing more intelligent and harder-to-spot methods of stealing employees’ credentials and gaining access to accounts. MFA adds an additional layer to the login process, strengthening security and increasing your protection from such threats.
For information on how Smart IT can help with your IT Systems, contact us today.