Phishing scams can be catastrophic for businesses. Left unprotected, your business is susceptible to negative consequences for your staff, operations, vendors, and clients/customers.
Phishing scams can lead to:
- Liability issues for exposed data
- Data loss (temporary & permanent)
- Service disruption
- Loss of reputation
- Identity theft
- And more
That being said, phishing scams are on the rise – Is your business adequately protected?
To counteract the prevalence of this cyberthreat, we’ll take a look at how to recognize phishing scams and other related topics, including:
- What is a Phishing Scam?
- Recent Phishing Facts & Statistics
- Understanding the Sophistication of Modern Phishing Scams
- How Root Port IT Protects Your Business
What is a Phishing Scam?
A phishing scam is a type of cyberattack that scammers use to trick you into submitting your personal information and data. Through email or text messages, phishing scams persuade users to hand over their sensitive and private information. These emails and text messages are commonly disguised as legitimate companies and services that are familiar to the user, which makes them difficult to recognize and discern.
The most commonly sought-after information in phishing scams includes:
- Name
- Address
- Phone Number(s)
- Passwords
- Financial Information & Bank Account Numbers
- Social Security Number
- Driver’s License Number
- IMEI Numbers (unique identifiers tied to each mobile device)
- Answers to security questions
- And more
This information is typically used for verification purposes online, and the more of it that is obtained about a particular user, the more serious the problems it can create for users and businesses.
If enough information is obtained, it is more likely that a scammer can pose as the targeted user and/or commit criminal acts like:
- Gaining access to email(s), bank(s), or other accounts
- Gaining access to IoT devices, connected networks, and “smart” building apps
- Gaining access to other organizations – such as your business – if spyware, malware, viruses, ransomware, and other tactics are deployed
- Selling this information to other hackers on the dark web
With the severe consequences of a phishing scam, having a comprehensive cyber security and networking solution is the only way to protect your business.
To understand the enormous challenge that businesses are facing in this new cyber security paradigm, let’s take a look at a number of relevant cybersecurity stats.
Recent Phishing Facts & Statistics
Every day, there are thousands of phishing attacks launched at unsuspecting users. And because of the nature of phishing attacks, they are often successful.
- 75% of organizations around the world experienced a phishing attack in 2020; 74% of attacks targeting US businesses were successful. [Source: Proofpoint]
- According to IBM, the average cost of a data breach is $3.86 million USD. [Source: IBM]
- The FBI’s Internet Crime Complaint Center (IC3) found that phishing scams cost US businesses adjusted losses of over 54 million dollars, while business email compromise (BEC) attacks were the most costly of all, with an adjusted loss of around 1.8 billion dollars.
- Some of the most targeted industries for phishing attacks (with percentage of total attacks worldwide) include:
  - Financial institution (24.9%)
  - Social media (23.6%)
  - SaaS / Webmail (19.6%)
  - Payment (8.5%)
  - E-commerce / retail (7.6%)
  - Logistics / shipping (5.8%)
  - Cryptocurrency (2%)
  - Other (8%)
- In the third quarter of 2020, the most common types of malicious files attached to phishing emails were as follows: [Source: ESET]
  - Windows executables (74%)
  - Script files (11%)
  - Office documents (5%)
  - Compressed archives (4%)
  - PDF documents (2%)
  - Java files (2%)
  - Batch files (2%)
  - Shortcuts (2%)
  - Android executables (>1%)
Understanding the Sophistication of Modern Phishing Scams
Every year, phishing attacks become more frequent and sophisticated. With more data compromised and more-advanced software, scammers are able to exploit previously-unreachable data using a multitude of scams and new methodologies.
Newer offshoots of phishing scams include:
- Vishing
- SMiShing
- Whaling
- Pharming
Businesses that don’t choose to prioritize a modern cyber security paradigm may end up like T-Mobile. Hackers not only obtained the data of nearly 100 million people, but are now selling a portion of it on underground forums for 6 bitcoin (currently valued at $280,000).
What’s most concerning is that this is T-Mobile’s sixth known breach in four years, showing a clear trend of targeting companies that do not prioritize their cyber security.
Also, what makes these phishing attacks so concerning is their wide scope. Since users’ data is in the wild, it can be cross-referenced through multiple sources. This blend of data could be used to great effect, and not in ways you might automatically assume. With the T-Mobile hacks, criminals now have the ability to compromise even a user’s phone – which may include your business staff, vendors, and customers/clients.
Signs to Recognize for a Phishing Scam
The following are some of the most common signs and indicators that will help you recognize a phishing email or text message:
- Phishing emails and text messages may look like they’re from a company you know or trust. Some of the most common companies used for phishing are:
  - Banks
  - Credit card companies
  - Social networking sites
  - Online payment websites/apps
  - Online stores
- Phishing emails or texts use a number of different methods to trick users:
  - There’s a problem with your account or your payment information
  - You need to confirm some personal information
  - Claiming rebates or coupons
  - Fake invoices
  - Suspicious activity or log-in attempts
  - Eligibility to register for government refunds
- The email or text has a generic greeting, such as “Hello valued customer”. This contrasts with normal greetings that include your specific information (i.e., preferred name and other identifying information).
- As mentioned in the last section, cross-referenced data is being incorporated into newer phishing methods that use a centralized database, making the messages more convincing and making it easier to get a user to click on a link or install an attachment.
- If you believe you or your business has been affected by a phishing attack, you may notice slower performance from your network, changed passwords, compromised/inaccessible data, and other effects of someone changing your data without your permission.
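The signs above can be turned into a simple mail-triage check. The following is an added example, not code from Root Port IT: the phrase patterns, the extension list and the function names are assumptions chosen to mirror the signs and attachment types listed in this article, and the sample message is constructed.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Assumed phrase lists based on the signs listed above; tune them for your own mail flow.
GENERIC_GREETING = re.compile(
    r"\b(hello|dear)\s+(valued\s+)?(customer|user|member|client)\b", re.I)
PRETEXTS = {
    "account_problem": re.compile(r"problem with your (account|payment)", re.I),
    "confirm_info": re.compile(r"(confirm|verify) (your|some) (personal )?information", re.I),
    "suspicious_login": re.compile(r"suspicious (activity|log-?in)", re.I),
    "invoice": re.compile(r"\binvoice\b", re.I),
    "refund_or_coupon": re.compile(r"\b(refund|rebate|coupon)s?\b", re.I),
}
# Assumed extensions for executable, script, batch, shortcut, Java and Android files.
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".ps1", ".bat", ".cmd", ".lnk", ".jar", ".apk")

def phishing_signals(raw_message: str) -> list[str]:
    """Return the names of the phishing indicators found in one raw email."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")
    signals = ["generic_greeting"] if GENERIC_GREETING.search(text) else []
    signals += [name for name, rx in PRETEXTS.items() if rx.search(text)]
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        # Match on the final extension so "invoice.pdf.exe" counts as an executable.
        if name.endswith(RISKY_EXT):
            signals.append("risky_attachment:" + name)
    return signals

def build_sample(subject: str, body: str, filename: str) -> str:
    """Construct a sample message (not real mail) with one attachment."""
    m = EmailMessage()
    m["From"] = "Billing <billing@example.com>"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    lure = build_sample("Problem with your account",
                        "Hello valued customer,\nPlease confirm your personal information.\n"
                        "See the attached invoice.\n", "Invoice.pdf.exe")
    print(phishing_signals(lure))
```

A hit is a reason to look more closely at a message rather than a verdict, since legitimate invoices and account notices match some of these patterns too.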
How Root Port IT Protects Your Business
Protecting against phishing attacks takes more than ensuring that your email spam filters are enabled. By partnering with Root Port IT, your business adds extra layers of protection for comprehensive security against phishing attacks and other cyberthreats.
Root Port IT offers the following solutions for your business:
- Protect your networks by using industry-leading security software
- Comprehensive security assessments
- Automated network monitoring for unauthorized access
- Automatic updates on all connected devices for critical protection against security threats
- Multi-factor authentication (MFA) for all accounts, requiring two or more credentials to log in, such as passwords, security keys, biometrics, and more
- Creating protocols and training modules to educate staff on identifying phishing attacks
- Comprehensive backup solutions, including cloud storage, on-site servers, and hybrid solutions
- And more
Contact Root Port IT today to learn more about how we can protect your business and give you the peace of mind to do what you do best.