In spite of all the hype about cyber-attacks, one in three employees opens a phishing email each day. Hackers are highly skilled. They’ve learned what works and what doesn’t. They know how to craft a subject line that will seem intriguing. And, many people are multi-tasking. They don’t take the time to give the email a second look before clicking. Once you click, it’s too late.
Phishing is a term that was adapted from the word “fishing.” When we go fishing, we put a line in the water with bait on it and we sit back and wait for the first dumb fish to come along. Maybe the fish was hungry. Perhaps it just wasn’t paying attention. At any rate, eventually a fish will bite and you’ll have a catch for the day.
That’s basically how cyber phishing works. Cyber thieves craft an interesting email. Maybe it says you’ve won a $10 gift certificate from Starbucks. Wouldn’t that be great? All you have to do is click the link and take a short survey. Easy enough, right? Wrong!!
Once you click a link in a phishing email, malicious software is downloaded onto your system. Sometimes it’s data-stealing malware and sometimes it’s ransomware. In businesses, hackers are using ransomware more and more these days. They can shut down all the computers in the building and hold your data hostage until you pay the ransom.
With malware, criminals are trying to steal private information such as credit card numbers, bank account numbers, and account usernames and passwords. Once they have this information, they can charge things to your account, open new accounts in your name or steal banking info from you. It can be a nightmare.
Each day, hackers can trick people into clicking on bad links. The Anti-Phishing Working Group (APWG) reports that organizations will lose an estimated $9 billion in 2018 from phishing. Sometimes hackers are looking for a quick buck by stealing your credit card information. Other times, they’re looking for personal information they can sell to other criminals on the Dark Web.
The APWG reported increases in phishing that targeted SaaS (Software as a Service) and webmail providers, along with file hosting/sharing sites. Phishing against payment services and banks is still a big problem. The most-targeted industry sectors in the 1st quarter of 2018 were:
1. Password Check Required Immediately 15%
2. Security Alert 12%
3. Change of Password Required Immediately 11%
4. A Delivery Attempt was made 10%
5. Urgent press release to all employees 10%
6. De-activation of [[email]] in Process 10%
7. Revised Vacation & Sick Time Policy 9%
8. UPS Label Delivery, 1ZBE312TNY00015011 9%
9. Staff Review 2017 7%
10. Company Policies-Updates to our Fraternization Policy 7%
Staying safe from hackers these days requires diligence from everyone at your firm. Your employees need regular awareness training. They must be smarter than the latest new hacking scam. To do this, they have to be constantly reminded about what’s at stake. People forget, but with regular employee awareness training, this topic will be foremost on their minds. They’ll think twice before clicking on a link that says they just won a $25 gift certificate from Amazon.
This can save your company a lot of time and money, not to mention the loss of reputation. It’s not an expensive fix either. An IT specialist can come out to the company several times a year and explain how phishing works to your employees. We talk about the latest cyber threats and discuss things like how ransomware works and how to avoid being a victim. It’s a great way to make sure your employees are in the know.