Cyber thieves are everywhere. From hackers digitally breaking into big box retailers such as Target, to crooks stealing identities, digital crime shows no signs of slowing down — and it’s costing companies millions in losses.
One of the scams gaining momentum is phishing — a way to trick people (your employees) into giving up personal information such as user names and passwords to their online accounts via spoof emails or websites. Victims unwittingly submit their log-in details on these fake sites, effectively giving cyber criminals easy access to highly sensitive data.
Of the 5 types of phishing (Spear, Deceptive, Dropbox, Google Doc and CEO Fraud), Spear is perhaps the type most feared by companies.
According to a recent Cloudmark survey, 95% of U.S. respondents said they have experienced spear phishing attacks. Others reported a loss of reputation, customers and a drop in stock price, among other negative effects. Almost half of respondents suffered financial loss.
What makes spear phishing different from other varieties? Spear phishing is more targeted. It occurs when cyber criminals use existing information about someone (from social media profiles, for example), in an attempt to digitally steal personal data. It’s more directed, and phishers may use urgent, alarming language to get victims to act quickly.
Don’t Assume You’re Immune To Phishing
No company is immune to the phishing epidemic. Organizations as massive as the FBI have been hit, as have the tiniest of mom n’ pop businesses. It’s widespread because the attacks are incredibly effective. 84% of respondents in the Cloudmark survey noted that spear phishing attacks got through despite the traditional security solutions they had in place.
Who’s to blame? Experts say a security system’s weakest link is employees, who inadvertently open suspect email and click on bad links. Avoiding these security woes comes down to employers showing workers how to avoid phishers’ stealth tactics. It’s a vital part of a company’s cyber defense strategy.
What To Watch
Building email security awareness is key. Employees should understand how phishing works, and how to avoid putting themselves and the company at risk. Here are the top 5 phishing scams to watch:
1) Spear Phishing
Targeted emails that include alarming threats. These are often an urgent call to action to get a person to act quickly.
2) Deceptive Phishing
Emails claiming to come from recognized sources asking to verify an account, or make a payment.
3) CEO Fraud
Despite its name, CEO fraud can affect any employee responsible for making payments or providing critical information. Cyber criminals assume the identity of an authority figure within a company and make a request to the accounting department to initiate a payment.
4) Dropbox Phishing
File hosting services appear to be prime targets for phishers. Scammers send Dropbox-style emails to internet users, asking for account validation (leaving them vulnerable to thieves) or to download a shared document (which often turns out to be malware).
5) Google Docs Phishing
It seems everyone, including phishers, wants a piece of Google. In this scam, phishers target users’ Google accounts including Gmail, Google Play and Android applications.
A potential victim is asked to check out a document on Google Docs, leading them to the scammer’s fake Google login page. It looks entirely legit because it’s hosted on Google’s servers, and scammers house folders within Google Drive accounts. It’s incredibly sophisticated and potentially very damaging.
Stop Phishing In Its Tracks
With phishing picking up speed, employers and employees need to be prepared with proper cybersecurity and be vigilant about questionable emails. The experts at Resilient Intelligent Systems, Partner of Fortinet, can help you secure what’s most important.