As seen in Dashlane blog...
Phishing attacks are on the rise, and they’re more sophisticated than ever.
These attacks are on the rise because they’re extremely profitable for perpetrators.
And with a phishing attack costing a mid-size company $1.6 million on average, it can be a death blow for businesses that don’t put the necessary protections in place against a potential attack.
So, let’s start with the basics: What is a phishing attack?
What is a Phishing Attack?
A phishing attack, or a phishing scam, is when a criminal sends an email pretending to be someone (e.g., the CEO of your organization) or something (e.g., Google) they are not, in order to extract sensitive information from the target.
Essentially, the perpetrator attempts to elicit fear, curiosity, and/or a sense of urgency in the target, so that when the target is prompted to open an attachment or fill in their sensitive information, like a username, password, or credit card number, they are likely to acquiesce.
Here’s an example of a recent Gmail phishing scam that targeted nearly 1 billion Gmail users worldwide:
While this looks exactly like a Gmail sign-in form, the URL is slightly changed. Filling in this form would give a hacker full access to your Gmail account.
The Gmail scam is what happens when a criminal wants to cast a wide net and increase his or her chances of locating individuals who are susceptible to an attack.
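The "slightly changed URL" check described above, as an added example that is not part of the original article: a Python classifier that a mail filter or awareness tool could run on a link claiming to be a sign-in page. The allowlisted host `accounts.google.com`, the function name `check_login_url`, the 0.85 similarity threshold and the sample links are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the only host on which the real sign-in form is expected.
TRUSTED_LOGIN_HOSTS = {"accounts.google.com"}

def check_login_url(url: str) -> str:
    """Classify a link that claims to lead to a sign-in page.

    Returns "ok" only when the URL is https and its host is exactly on the
    allowlist; every other value names the reason the link is rejected.
    """
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None
    except ValueError:
        return "malformed"
    if parts.scheme != "https":
        return "bad-scheme"         # http:, data: and other non-https links
    if has_userinfo:
        return "userinfo"           # trusted name placed before '@'
    if not host.isascii() or "xn--" in host:
        return "homograph"          # look-alike Unicode letters or punycode
    if host in TRUSTED_LOGIN_HOSTS:
        return "ok"
    for trusted in TRUSTED_LOGIN_HOSTS:
        if trusted in url.lower():
            return "embedded-name"  # trusted name used as subdomain or path
        if SequenceMatcher(None, host, trusted).ratio() >= 0.85:
            return "lookalike"      # only a character or two changed
    return "unknown-host"

# Constructed sample links (example.net is a reserved documentation domain).
SAMPLES = [
    "https://accounts.google.com/ServiceLogin",
    "https://accounts.goog1e.com/ServiceLogin",
    "https://accounts.google.com.signin.example.net/ServiceLogin",
    "https://accounts.google.com@login.example.net/",
    "data:text/html,https://accounts.google.com/ServiceLogin",
    "https://accounts.g\u043e\u043egle.com/ServiceLogin",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_login_url(link):14} {link}")
```

Only an exact host match over https is accepted; a page that merely looks like the sign-in form or contains the trusted name somewhere in the address is rejected.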
However, there are more targeted attacks, which are referred to as spear phishing.
As the name suggests, spear phishing is used when a criminal is targeting one person, or a limited number of people, using a more personalized approach. A spear phishing attack can be highly effective, because the perpetrator can tailor the language to each individual.
Imagine if your “CEO” emailed a few people and sent them a meeting invite through Gmail, and the link in the email prompted the users to sign in to Gmail to attend the meeting.
While the idea is the same — using a malicious link to phish sensitive information — spear phishing allows the criminal to contextualize the attack in a way that creates more urgency and is intended to get the target to let their guard down.
To protect yourself and your organization from an inevitable attack, it’s important to have an understanding of the full phishing ecosystem.
If you think your organization is safe from a phishing attack because you haven’t yet been targeted, think again.
Your employees remain your organization’s weakest security link.
Many, if not all, of your employees are unlikely to be able to spot a phishing email — according to Intel, 97% of people around the world are unable to identify a sophisticated phishing email.
In short, it’s pretty devastating.
Your brand image, and the brand trust that you’ve worked so hard to build up, can be obliterated if news of a data breach surfaces to the public.
Thankfully, defending against an attack is possible with dedication, buy-in, and resource allocation for defense tools.