As seen on BetaNews...
According to a new FBI report, businesses lost more than $676 million as a result of email fraud in 2017 -- up 88 percent from the year before. Clearly, businesses are losing the war against email scammers, as phishing attacks have become increasingly sophisticated and widespread.
Phishing is a method of social engineering (i.e. deception) used to gain access to a social media account, bank account or another protected resource. Hackers typically use an email or text message to trick the user into providing login information. Once the user reveals a username and password, the attacker will hijack the account. The outcome can be as devastating as a fully drained bank account. Frankly, all individuals and businesses should take phishing seriously.
There are several types of phishing attacks:
Standard phishing occurs when messages impersonating a well-known brand are sent with the intention of stealing user credentials. Typically, these attacks are widespread and untargeted: the malicious sender hopes to send enough email to reach at least some of the brand’s audience, and hopes that a portion of those recipients will hand over access to their accounts.
Spear phishing involves highly targeted emails commonly aimed at specific roles within a business. The goal of a spear phishing attack is to access a specific part of a network or to achieve a particular end, like transferring funds into the attacker’s account. These attacks are more difficult for the average user to identify. Spear phishing emails are often personally addressed to the individual, and may contain real information gleaned from other social engineering tactics.
Business Email Compromise (BEC) attacks are usually targeted at a specific individual and include instructions from a "senior executive" or other respected authority. The addresses used to send these messages are often very similar to the address of the actual individual being impersonated, and the instructions might sound totally feasible, like the "CEO" asking for funds to be transferred to complete a purchase. For some roles within the company, that could be a legitimate request.
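One way a mail filter can flag the near-identical sender addresses that BEC messages rely on, shown as an added example that is not part of the original article. It assumes `example.com` is the organization's real domain and "Jane Doe" is an executive (both constructed), and the 0.85 similarity threshold is an illustrative choice.

```python
import difflib
from email.utils import parseaddr

# Assumptions (constructed values): the real domain and the executives' names.
TRUSTED_DOMAINS = {"example.com"}
EXECUTIVES = {"jane doe"}
SIMILARITY_THRESHOLD = 0.85  # illustrative cut-off, tune on your own mail

# Digit-for-letter swaps often used to make one domain resemble another.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalize(domain):
    """Lower-case the domain and undo simple swaps ('1' for 'l', 'rn' for 'm')."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m")


def classify_sender(from_header):
    """Return 'trusted', 'lookalike', 'display-name-spoof' or 'external'."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    # A domain that is not ours but nearly matches it is the BEC pattern.
    for trusted in TRUSTED_DOMAINS:
        ratio = difflib.SequenceMatcher(
            None, normalize(domain), normalize(trusted)
        ).ratio()
        if ratio >= SIMILARITY_THRESHOLD:
            return "lookalike"
    # An executive's name on an unrelated outside address is also suspicious.
    if display.strip().lower() in EXECUTIVES:
        return "display-name-spoof"
    return "external"


if __name__ == "__main__":
    # Constructed From: headers, not taken from real mail.
    samples = [
        "Jane Doe <jane.doe@example.com>",
        "Jane Doe <jane.doe@examp1e.com>",
        "Jane Doe <jane.doe@exarnple.com>",
        "Jane Doe <ceo.office@mailbox.test>",
        "Vendor Billing <billing@supplier.test>",
    ]
    for header in samples:
        print(f"{classify_sender(header):20} {header}")
```

Messages classified as `lookalike` or `display-name-spoof` are candidates for a warning banner or for out-of-band verification before any payment instruction is followed.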
Despite the severe consequences of the types of attacks listed above, the best defense against email scammers looking to steal data is a critical eye and business process improvement.
How do you protect yourself and your company from being a victim of phishing?
With phishing attacks on the rise, individuals inside and outside of a business setting should take steps to prevent phishing attempts before falling prey to them.