Phishing email attacks account for more than 80% of reported security incidents this year alone. A phishing attack is a type of cyber attack that happens via email. The goal of a phishing email is to elicit a response from the user: type in a password, click on a link, or open an attachment. The end result: to load malware into your computer and hold your data for ransom. Or, in the case of spear phishing, the aim is to garner a targeted user’s credentials for a later, more specific attack.
Phishing attacks happen to people all over the world. Businesses, however, are particular targets. Phishing attacks aimed at businesses, or Business Email Compromise (BEC), have cost businesses 12 billion dollars in the past five years. It’s estimated that $17,700 is lost every minute due to phishing attacks.
Quick tips for spotting a phishing email
How can you avoid becoming a victim? Knowledge is power. First, you and your employees need to know what phishing emails look like and what to do with them. Bad actors have become incredibly detailed in their scams in the last few years. In the past, phishing emails were often littered with poor spelling and grammatical errors. They were also sent from obviously bogus email addresses. Now, bad actors create whole fake websites that look legitimate. Their emails confuse users and get them to put their credentials into these bogus websites. There are still a few tell-tale signs that an email or a website is not the real thing.
Tell-Tale Signs
- Enticement and Urgency – The sender of the email will often appear to be a reputable company or source, such as Office 365, SharePoint, DocuSign, etc. The content of the email will be intriguing and often accompanied by some sort of urgency. For example, there will be a customer contract or invoice requiring your review or a deadline that was missed. The email will warn the user that he or she is in danger of missing a payment or incurring a penalty. The bad actors then require the user to log into a fake customer portal to correct the issue.
- Strange URLs – Phishing emails will often have a strange-looking URL in the message. Don’t click on it. Strange URLs are a common sign that the email is a phishing email. Also, look closely at the URL itself. Phishing emails will have a URL in the message that is one character off from the real one they’re imitating.
- Sender Domain Name – Phishing scam artists will often imitate a sender you already know. For example, if your colleague’s name is Gloria, the sender of the email will be [email protected] instead of [email protected]. Inspect the sender’s email address carefully. Make sure you recognize it and that there are no typos.
- Blank Emails with Attachments – Attachments are one of the major ways that malware, especially ransomware, gets into companies’ networks. If you receive an email that looks like it’s from someone in your company but it’s blank and only has an attachment, don’t open the attachment. Consult with your colleague and make sure they actually sent you the email and the attachment.
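The "one character off" URLs and sender domains described above can also be checked automatically. The sketch below is an added example, not part of the original article or any GoComputek product: it compares the domain of a link or sender address against an allow-list and flags near misses. The trusted domains, sample inputs and function names are all constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allow-list of domains the organization really deals with.
TRUSTED = {"example.com", "docusign.com", "sharepoint.com"}

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap neighbours) turning a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def domain_of(value):
    """Host of a URL, or the part after '@' of a sender address, lower-cased."""
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = parseaddr(value)[1].rpartition("@")[2]
    return host.lower().rstrip(".")

def classify(value, trusted=TRUSTED, max_distance=1):
    """Return ('trusted'|'lookalike'|'unknown', matched trusted domain or None)."""
    # Simplification: treat the last two labels as the registrable domain.
    base = ".".join(domain_of(value).split(".")[-2:])
    if base in trusted:
        return ("trusted", base)
    for good in sorted(trusted):
        if 0 < edit_distance(base, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    samples = [  # constructed inputs, not taken from real mail
        "Gloria <gloria@examp1e.com>",
        "https://www.docusign.com/sign",
        "https://sharepiont.com/portal",
        "https://intranet.partner-site.net/",
    ]
    for s in samples:
        print(f"{s:40} -> {classify(s)}")
```

A "lookalike" result is a reason to quarantine or warn, while "unknown" only means the domain is not on the list. The last-two-labels shortcut misreads suffixes such as co.uk, and character-swap distance does not catch lookalike Unicode letters, so a production filter needs a public-suffix list and homoglyph handling as well.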
Malware and Ransomware
Malicious software, or malware, can wreak havoc on your systems. In 2019, 94% of malware attacks were delivered via email. One of the most dangerous types of malware is ransomware. Ransomware quietly gets into your computer and/or your network, encrypts your data and then forces you to pay a ransom to have it decrypted and given back. Estimates suggest that ransomware alone cost businesses 7.5 billion dollars last year. No business, large or small, can afford to leave itself open to ransomware attacks.
Solutions to the Problem
Phishing scams rely on human error. Any business could be one employee click away from a huge payout or data breach. Training your employees is key. Unfortunately, a recent study states that approximately 60% of users receive training less than once a quarter. This means that organizations are not adequately training their employees to spot phishing emails and other attacks.
Does your organization fall into that 60%? Is your company secure from email phishing, malware and ransomware attacks? Here at GoComputek, we offer our clients the latest in email filtering software. We also recommend Webroot’s Security Awareness Training program to any clients looking to train their employees about email phishing and other types of security compliance protocols. We can recommend a phishing awareness program that’s right for your business. If you would like to learn more, please contact our office today!