Phishing is one of the methods hackers and other cyber-terrorists use to gain access to a company’s network. Phishing got its name because the concept is similar to actual fishing. Hackers use a lure (usually a faked email) to try to get bites, which in this case means tricking a person into clicking on a link or providing them with personal information. Once they have this information, they’re able to log in as the user or otherwise make use of the user’s credentials. With businesses, that means they have access to everything the phished employee has. 911 PC Help can help you avoid falling victim to one of these scams.
How Do Phishing Scams Work?
Phishing scams vary from easy-to-spot fakes to incredibly well-done forgeries. As mentioned above, most phishing scams use fake emails. They send out an email that looks like it came from someone else—a bank, a credit card company, even a client or a business partner. These emails often ask users to click on a link and enter information into a web form, though some ask users to reply with information or fill out an attached form.
Some of these fakes are easy to spot. The return email address may not even include the company it’s supposedly from. Others link to URLs that are gibberish or otherwise obviously not legitimate websites. However, some phishing scams are nearly indistinguishable from legitimate emails. The sender may have used a program to make it look like the email came from someone else, copied the business’s headers and other graphics, and linked to a site that’s identical to the actual company website. It takes a keen eye to spot these fakes, and even some phishing experts have fallen prey to them.
Some phishing scams impersonate people. For example, hackers have attempted to fake emails from the CEO of a company. They often send these emails to those in a company’s finance or HR departments. They ask the employee to transfer funds to a specific bank account or send them employee information. Many employees don’t even question these emails and simply do what was asked.
New types of phishing
While most phishing attacks are done through email, the rise of social media has led to new forms of this scam. For example, hackers can steal the information and images from someone’s Facebook account, create a fake account with that information, and message the person’s friends asking for help. It’s not as prevalent as email scams, but it is something people need to watch for. Hackers have also been known to clone phone numbers to send fraudulent texts and even copy entire websites.
Are phishing attacks successful? If you look at the number of successful attacks, you might think they aren’t. However, those that do succeed cause a good amount of damage. Around 88% of all businesses are subject to at least one phishing attack every year. These scams account for about 36% of data breaches annually and on average cost companies nearly 5 million dollars. That’s not including the damage to the company’s reputation. Many lose customers, business partners, and contracts because of their lack of security.
The Fallout from a Phishing Attack
Cyberattacks can have devastating consequences. For instance, the MOVEit breach in June 2023 impacted over 120 businesses, potentially compromising data from 15 million individuals. While not a phishing attack, it illustrates the severe damage hacks can cause.
Phishing attacks have inflicted significant harm on various companies.
- One of the earliest major phishing attacks occurred in 2007. Customers who banked with Nordea, a bank in Sweden, received fake emails that asked users to download the attached “anti-spam” tool to help protect their accounts. However, the attachment was a Trojan horse virus. Hackers made off with more than 7 million Swedish kronor, which was equal to around $1 billion USD at the time.
- Sony was the target of a phishing attack in 2014. Hackers created a fake email asking employees to verify their Apple IDs. With this information and data scraped from the employees’ LinkedIn profiles, they were able to log in to or reset the employees’ Sony passwords, getting into their accounts and stealing more than 100 terabytes of confidential data.
- In 2018, soccer fans around the world woke up to great news: they had won tickets to the 2018 World Cup in Russia. All they had to do was enter their information on the website linked in the email. Of course, no one had won anything, and those who gave up their information quickly found that their identities were stolen.
- Businesses and individuals aren’t the only ones targeted. In 2019, members of the British parliament and their employees were subject to a scam. While many did recognize the attempts to steal their information, all it takes is one person to fall for the scam to give hackers access to sensitive data.
How to Defeat Phishing Scams
While there are millions of phishing emails sent every year, a large number of them do fail because employees can recognize them as fakes. However, that doesn’t mean you’re safe. Employee education is your greatest weapon against phishing emails. You will want to make certain all new employees are trained on cybersecurity, including phishing scams. Current employees should be periodically tested using a fake phishing email. 911 PC Help can assist you with this test. Those who fail to spot the fake will go through a refresher course on phishing.
Employees need to understand how clever phishing scams can be. They need to pay attention to many different elements of an email:
- The sender’s email address – this can be spoofed, however, so even a legitimate email address can be used for phishing.
- What the email wants – any email asking the recipient to open the attached file or click on a link should be questioned, especially if it’s an unexpected email. A message from a coworker with an attached document that the recipient asked for is likely fine. An email from an outside email address with a document is suspicious.
- The writing style – if the email supposedly comes from someone the recipient knows but is still questionable, they should look at the writing style. Does it match how the sender normally writes? Is it signed the same way, or does it include the sender’s standard email signature?
- Check the link – most email programs will show the actual URL of a link if the user places their mouse pointer over it. This is a good way to see where a link goes without actually clicking on it.
Contact 911 PC Help Today to Discuss Employee Education and Cybersecurity
911 PC Help has a training course for employees on phishing and other cybersecurity risks. One of the best defenses against all types of cyberattacks is knowledge, but many businesses fail to fully educate their employees. We also provide a wide range of managed services, including cloud management and network security. Reach out today to learn more about how we can help you.