If there was such a thing as a corporate plague, everyone would agree that phishing attacks are it. Phishing is best described as scams, where cyber con artists trick people into revealing information, sending money, or downloading malware.
Phishing attacks are widespread and successful. Even to this day, where advanced spam filters exist, and companies invest in campaigns to educate employees on the danger signs. Everyone’s a potential target, and no one is immune to the pitfalls of phishing, including giant tech companies like Facebook and Google.
Unfortunately, the problem continues to grow, despite cybersecurity efforts, thanks to the way phishing attacks exploit human nature. They prey on people’s excitement over getting a tantalizing message and their fear of missing out. Panic is also a great motivator which plenty of phishing scams use to trick people into doing something before they can think it through.
Email is one of the leading modes of phishing communication since it’s so widely used. Employees regularly share their email addresses online for various reasons, but the downside is that it makes them easy targets.
Who Do Phishing Attacks Target?
No, that wasn’t an over-exaggeration. They will badger anyone with an email address or a phone number. However, businesses are the biggest targets. According to an FBI report, email phishing attacks cost businesses more than $675 million in 2017 alone. That number is set to be much higher for 2019.
CEOs and directors of big companies are attractive targets. However, the victims of these types of attacks aren’t limited to large corporations. In fact, small to medium businesses make up almost 70% of cybercrime victims, of which phishing is the most prodigious. There are a few reasons for this; the main ones being that small businesses don’t have the funds to counter these types of exploits. Cybercriminals are very much aware of that too.
The Most Prominent Types of Phishing Attack
Cybercriminals use very creative phishing tactics to fool people into taking their bait. These can be very targeted as they learn more about an individual and use that knowledge against them.
Right now, the most prominent methods are:
– Jumping on Trends: Those who write phishing attacks are very up to date on current trends. For instance, many Football World Cup fans were targeted in 2018 by offers of cheap or free trips to Moscow.
– Turning it Social: Email defense solutions continues to grow, forcing scammers to update their tactics. They’re only now starting to really take on social media with specific phishing attacks geared towards those platforms.
– Tech Support Help: This is an oldie but still surprisingly effective. There are many different iterations of this phishing technique, but they always involve a scammer posing as a tech support consultant. Usually, the end goal is to get the victim to download or install malware.
Don’t Take the Bait
Here are a few tips that will help business owners better combat the phishing plague.
Those who don’t know better won’t do better. Phishing works because people are so easily exploitable and can’t identify the warning signs of a scam. Let employees know what they should look out for and who to report to if they receive a phishing email.
Some warning signs to look out for:
-A sense of urgency
-The sender refers to the recipient in an impersonal way
-The sender is an unknown party who somehow knows personal details about the recipient.
Have Two-Factor Authentication Set Up
All important business accounts need to have two-factor authentication set up where possible. This will add another layer of defense in case any passwords are compromised.
Set Up Policies About Digital Security
Companies, no matter their size, should all have a digital policy in place to guide employees towards safe online behavior. There also needs to be a contingency plan in case something does go wrong. Everyone should be clear on what steps they have to take to prevent further harm in case of a successful attack.
Install VPN Software to Secure the Network
A VPN is a brilliant security tool that many businesses are adopting to prevent attackers from gaining access to private data. Using a reliable VPN technology will prevent scammers from using tools to track business employees’ personal email addresses. It will also keep malicious or phishing websites from tracking any users who visit them by encrypting their browsing sessions.
Phishing attacks have been around for a long time, and they annoyingly keep sticking around.
There’s no way to completely identify all types of phishing attacks as they continue to evolve. So businesses need to stay vigilant and keep adapting their own safety systems to limit the amount of exposure to these attacks.