How would you like to get in on a $6 billion a year industry just by sending emails?
Of course, most of us would think the question is more than a little suspicious, but it’s possible, and it’s too tempting for lots of cyber criminals to resist.
Phishing is an attempt to get sensitive information from the recipient of a malicious email or text message. The sought-after information can include personal banking user names and passwords, as well as bank account and credit card details. But businesses are just as often the victim of phishing attacks and they can have much more to lose, including all the private information of their customers and suppliers, which they are bound by law to protect.
To give you an idea of the extent of phishing attacks on businesses, 85% of organizations reported being the victim of a phishing attack in 2015, which was up 13% from 2014.
- A phishing email can look very legitimate. In cases of spear-phishing, which is a phishing attack directed at a particular individual, the attackers can use personal names and make the email appear to be from superior personnel within the company.
- 30% of phishing emails are opened. They can look so legitimate, including corporate branding and internal information (often picked up through websites and social media) that employees do not suspect the email is malicious.
- Almost 40% of organizations reported that employees have been tricked by ‘CEO emails’, where the email purports to be from the CEO of the company.
The ease with which a phishing email can be made to look like a legitimate message from a superior within the company makes your employees the key to minimizing your risk of falling victim to an attack.
In addition to technological precautions, including spam filters, it’s important for businesses of all types to educate their employees to be more aware of phishing attacks. This can include identifying suspicious emails by looking for an unusually high number of spelling mistakes, incorrect grammar and wording that encourages the recipient to act quickly. Training and awareness should also include ways of responding, including attempting to verify the email before opening it or clicking on any links, and reporting and deleting confirmed phishing emails as soon as possible.