Email Phishing Incident Review

Average Cost of Phishing Incident is $1.6M And GrowUp

Phishing is a very well-known method for hackers to utilize social engineering. Everyone gets hammered daily with spam. Often the email messages in the spam box are just unwanted marketing flyers, arriving electronically rather than stuffed under the windshield wiper of your car. However, many have much more nefarious intent than that.

According to a recent report by San Francisco based security company Cloudmark, found that each successful incident of phishing results in a cost of $1.6 million. These attacks target all types of businesses, non-profit organizations, and government agencies. Attackers attempt to gain trust in some way and will often send several benign email messages before loading one up with malware. Therefore, it is important to educate employees and staff, as well as students how to identify phishing.

• Instruct everyone not to click links in email messages that are from unknown senders or that are not expected.

• If there is any suspicion about whether or not a link is legitimate, the sender should be contacted separately from the email to confirm. A simple phone call or walking to that person’s office will do the trick. It that is not possible or reasonable, send a completely new email message.

• Train everyone to look out for incorrect spelling, typos, and grammatical mistakes. Often sentence structure is a bit jumbled, due to the fact that phishers are often non-native speakers of the country they are targeting.

• Graphics may not be sharp or the current ones of businesses being used in the communications. Check websites to make sure the logos are accurate, if you are in doubt.

• Warn users about attachments and the danger they pose as well. Malware is often disguised as a document or PDF file, but really executes a program if it’s opened.

There are several things that can happen if a computer is hit with malware. Data can be held for ransom, financial information can be stolen, or customer data can be retrieved. Whatever the end goal is for the attacker, it is likely to cost a significant amount of time and money to the victim to rectify it. In some cases, it means loss of customer loyalty.

It’s not just businesses and organizations that should heed the warning, however. In December, the Anti-Phishing Working Group released a report stating that even spear phishing against individuals is on the rise. Some high profile companies have recently been targeted, including Sony. Users of the online site Ashley Madison found out how vulnerable they were when someone stole information from parent company, Avid Life Media and subsequently posted details about infidelity of users online. Even crowd-funding sites are not immune. Last year, the site Patreon was compromised and 2.3 million records posted online. The information included passwords, email addresses, and donation records. However, unlike the Ashley Madison incident, the motive for that was not obvious.

Spear phishing is becoming more prevalent. Enough so that the FBI issued an alert to businesses to watch for Business Email Compromise (BEC). This type of phishing increased by 270%, yes that is two hundred seventy percent, from January to August of 2015.