Most of us have seen it. An email asking you to collect your large inheritance. A Nigerian prince who would like to send you his fortune for safekeeping. These types of scams have been around for years. By now, many of us should be aware that this is a typical phishing attack.
The golden rule is simple enough: don’t click on strange links. So why do we continue to take the bait?
Hackers have come a long way since the Nigerian prince days. They’re using increasingly sophisticated phishing methods to trick individuals into thinking that they’re being contacted by a reputable company or a familiar individual. And studies show that it’s working.
According to a report by AIG, phishing is now the top reported cyber incident, accounting for roughly one quarter of all claims.
Here’s why these attacks are on the rise:
Hackers understand that we’re more likely to click on links from sources we’re familiar with. They craft emails that look like they’re coming from senders we know, or link to websites that look nearly identical to major ones, like Microsoft. In fact, Microsoft is the top impersonated brand in phishing attacks, with PayPal and Facebook coming in second and third.
It’s reported that there are over 3 billion fake emails sent daily, indicating that hackers want to cast as wide a net as possible and target as many users as they can. Phishing has crept its way into as many devices and platforms as possible, and has branched out to other types of phishing attacks, including vishing and smishing.
What’s the difference?
A phishing attack is a scam in which a hacker attempts to impersonate someone else or otherwise trick the target into giving away sensitive information.
Vishing is the same type of scam, but in this case hackers will try to gain information over the phone.
Smishing is short for SMS Phishing, in which hackers send these bogus links via text instead of email.
The trend here should be clear. At the end of the day, whatever name it goes by, on whatever device you’re using, the most important piece to remember is that hackers will try to exploit individuals using whatever means or medium possible.
Who is being targeted?
If you own a device, you’re a target. But as criminal tactics evolve, here’s who remains the most at risk:
Hackers aren’t exactly known for having a strong set of morals, and unfortunately elderly individuals are often targeted. Seniors are particularly susceptible to vishing, in which hackers can play on their emotions over the phone to trick them and siphon money out of their accounts. Individuals over 65 are 34 percent more likely to be victims of a financial scam than people in their 40s, according to a report by the Stanford Center on Longevity.
The Financial Industry
When compared to other industries, the financial industry is highly targeted. This is due to the level of sensitivity of the data handled and how it can be used on the black market.
Government workers and subcontractors are also prime targets for phishing attacks, and can be highly susceptible. The threat to the public sector is enormous due to the scale and confidential nature of the data they hold.
When a phishing attack is directed at a targeted individual, this is called spear-phishing, or whaling when the targeted individuals are high-level executives. This strategy is used by hackers who are concentrating their efforts on members of an organization who have high-value information or possess authority that can be exploited. Some hackers spend months gathering information on their target to find a way to siphon money out of their target’s account.
All employees, everywhere
High-level officials aren’t the only gateway to sensitive company information. All employees at every level are at risk. An organization can only be as secure as its weakest link. Most successful breaches are caused by human error, and that largely includes clicking on malicious links. A moment of carelessness or a simple click can end up costing a company millions of dollars.
Preventing these attacks
Recognizing and looking out for these types of phishing attacks is key. Always think before you click. Be sure to check the sender of an email, and when in doubt, contact the person or business directly when you think an email could be a scam. Never give away log-in credentials, bank account numbers, or any sensitive information if you’re not entirely sure. And when you spot a phony email, be sure to report it.
Many organizations already have efforts in place to help combat these attacks, like implementing two-factor authentication and protocols to reduce email spoofing. But the numbers show that it’s not enough. To protect against these types of attacks, organizations should invest in ongoing security training for their employees. Cybint’s comprehensive training platform offers cyber education solutions for employees at any level to help recognize these types of attacks and minimize risk. Contact us to find out how our accelerated training methods can benefit your organization.