Phishing relies on the fact that employees are doing more, faster, with more complicated devices and better layers of security. Whether they don’t have time or the ability to remain diligent – or they assume the network security will protect them – employees in every vertical still fall prey to phishing. In 2019, Verizon stated in its yearly cybersecurity report that phishing is the most common and successful cyberattack tactic in existence.
Read on to learn why phishing remains a severe threat to businesses, and how to take steps to prevent a phishing attack.
Phishing: The Oldest Trick in the Books That Still Works
Phishing is one of the first tricks that hackers devised in the early days of the internet. The first attempts occurred in the late 1990s and involved hackers posing as AOL administrators asking users over chat to “confirm” their passwords. Once handed over, the hacker would log in to the user’s account and steal their credit card information.
The tactic was effective, but phishing didn’t hit email until 2001. Following the events of September 11, a ring of hackers targeted financial institution mailing lists claiming to conduct a “post 9/11 security ID check.” Although most of these attempts failed, they started a wave of other experiments and attacks. By 2003, the U.S. government regarded phishing as an “industry” of organized crime.
Today, most people know to treat emails carefully when they come from untrusted sources and bear peculiar stories about urgent security requirements. Nonetheless, in the second quarter of 2019 alone, Kaspersky identified and blocked 129,933,555 phishing attempts. Phishing remains big business – but how does it continue to work?
The Latest Evolution of Phishing
The breadth and creativity of phishing attacks in 2020 are astounding. Long gone are the days of fantastical emails written in hilariously bad English by someone claiming to be a Nigerian prince. Instead, phishing has gotten more sophisticated as criminals learn to craft a hook to fool their targets.
It works. In February 2020, Shark Tank star Barbara Corcoran was scammed out of nearly $400,000. The hacker, posing as Corcoran, had ordered her bookkeeper to wire the money to purchase real estate (something Corcoran is known to do).
Although Kaspersky and Verizon both found that most phishing occurs over email, there are many ways it might happen. Some of the most effective include:
- Business email compromise (BEC): A hacker poses as a manager or executive, ordering an employee to carry out seemingly legitimate business activities.
- Highly targeted credential harvesting: In 2019, Kaspersky noticed a sharp uptick in criminals targeting iCloud users with emails posing as Apple tech support.
- Third-party phishing attacks: Some hackers target insecure small businesses that partner with larger corporations, then leverage that trust to hack into those larger enterprises.
How to Spot and Prevent a Phishing Attack
It can be difficult, if not impossible, to recognize a phishing attack. Hackers take advantage of this. To prevent an attack from succeeding, companies can use security best practices that aren’t contingent on an employee’s ability to analyze an email. These best practices are as follows:
1. Limit the Number of Public-Facing Email Accounts
The most effective phishing attacks require extensive research of a target beforehand. Discourage employees from posting work contact information in public areas and use a whitelisting strategy on all email accounts that don’t interact with the public.
2. Establish a Communication Policy
Clearly communicate when, where, how, and why management will send emails to employees. This makes it easier to spot when an unusual request appears in an inbox.
3. Encourage Staff to Forward All Suspicious Emails
Some research suggests that employees receive as many as 50 phishing emails per week. Encourage them to forward all suspicious emails to the IT department and catalog each instance. Cataloging them may help spot patterns.
4. Provide a List of Secure Login Links
Discourage employees from clicking on links in emails. Instead, provide a list of secure login links in the web browser for employees to log in to company resources.
Staying Safe in the Age of Cybercrime
Although most people believe they know how to prevent a phishing attack, the many reports put out by cybersecurity experts around the world suggest that it’s more complicated than it may seem. From creative techniques to the pressure on employees to remain efficient, preventing every attack is an uphill battle. Fortunately, through a combination of best practices and the right security measures, staying safe in the age of cybercrime is possible.
Cartridge World in the Quad Cities helps companies in places like Davenport, Iowa, stay secure and productive.