Our first blog is about text and email phishing attacks.
What is email phishing?
Phishing is a social engineering attack that involves emails or texts disguised as coming from legitimate sources. They look like they are from someone you trust, like a bank, store, supplier or law enforcement, but they secretly contain embedded URLs that direct you to the phishing site. They are designed to trick you into opening the email or attachment, usually with tactics of fear, intimidation or greed. Once you open it, the malicious software downloads to your computer and the cybercriminal is able to obtain your sensitive information. And cybercriminals are not only after your information: they target small businesses and individuals as a potential portal to large corporations.
How big is the email and text phishing problem?
The Anti-Phishing Working Group (APWG) just released its 2017 1st half report and some of the highlights were:
- On average there were over 90,000 unique email phishing campaigns every month.
- Small businesses tend to receive generic phishing attempts impersonating service providers and submitting fake invoices / payments. Attempts against larger businesses can be far more tailored, impersonating customers or even senior staff.
- Several hundred companies are being targeted regularly, at least every few weeks, while a smaller number of companies are attacked intermittently.
- Phishing attacks occurred most frequently in the Payment, Financial, and Webmail sectors.
- There has been an increase in the number of phishing attacks using free hosting providers or website builders. These free hosts are not only easy and cheap to use, but they also allow threat actors to create subdomains spoofing a targeted brand, resulting in a more legitimate-looking phishing site.
- Of malware incidents documented in Brazil, many were spread via Facebook, and half were hosted in the United States.
Clearly, phishing attacks are getting more sophisticated and more difficult to detect.
What can I do to safeguard my information and my company from phishing attacks?
It all comes down to access. 48% of cybersecurity incidents are attributed to individual employee carelessness, so you can’t afford to ignore employee education. Employees are the first line of defense, but they often don’t realize they have a role to play. Your company is much safer when they do not open suspicious attachments and instead alert the IT department. Here are some tips to protect your company.
- Make sure you have an Email Gateway Spam Filter and/or a spam filter in your Exchange Server in place. Turn on the Outlook ‘Junk Email’ Filter, and run different antivirus products on the workstation and the mail server. The trick is to make it as hard as possible for the attacker to get through.
- Do not publish a list of all employee email addresses on your website; use a web form instead.
- Keep your operating systems and programs updated.
- Be vigilant and, when suspicious, examine emails carefully. Employees should be cautious and mindful of what websites they are accessing and what files they are opening on company computers and devices.
- There are a number of free and subscription-based tools (KnowBe4, Wombat, PhishMe) that can help you with employee education, the latest phishing schemes, and higher levels of protection.
Our thanks to Kaspersky Labs, Anti-Phishing Working Group, and KnowBe4 for the valuable reports and white papers they provide. Please visit their sites for much more detailed information on email phishing attacks and prevention.
E-K Media, Inc. replicates Compact Discs (CDs), DVDs, USB Drives, and Blu-Ray Discs. We also provide graphic design, disc authoring and compression, print packaging, and mail fulfillment.