Phishing, an increasingly popular form of cyber-crime, poses a very real and significant threat to organisations as well as individuals around the world. According to a recent report by Verizon, nearly a third of all data breaches in the last year involved some sort of phishing attack. The report further underlines that phishing is a form of cyber-attack that is dangerous to businesses as well as consumers.
What is Phishing?
Phishing is a broad term for a form of cyber-fraud. The name is a play on fishing: phishing is its “virtual” equivalent, in which an individual is tricked into “taking a bait” and then subsequently getting hooked.
This type of attack often involves cyber-criminals who attempt to impersonate a person or an organisation in order to obtain information or push the victim into carrying out a specific action. Different channels can be used to carry out the attack, such as email, telephone, text messaging and social media accounts.
Phishing itself is a method of attack, and the key to its success is that the victim has to do something, i.e. open a link or download an attachment. This action then triggers a “payload”, the attacker's weapon of choice, which can range from ransomware to another form of malware.
Alternatively, cyber-criminals could encourage you to visit a fake website that imitates a genuine one. Once at the site, you would be asked to change your password or confirm a piece of sensitive information.
Research in the past year has shown that 62% of phishing campaigns capture at least one set of user credentials.
The Impact of Phishing:
A good example of how phishing can have a huge financial impact on organisations is the case of the Lithuanian hacker who, between 2013 and 2015, posed as a vendor and sent a number of fake invoices to both Facebook and Google, giving the impression that both companies did business with him. Facebook and Google ended up being duped, which cost the two firms $123m combined.
Even though the tactic is so simple, the key to its success is catching people who are unaware, sending an email that looks convincing, and conveying a sense of urgency.
Some of the factors that come into play in a phishing attack are:
How Organisations Can be Kept Safe:
There isn’t a one-size-fits-all solution when it comes to email security and phishing, though there are a few best practices that can be implemented to help protect your organisation. Some of these are:
Different data protection scenarios can in some cases require different forms of protection. Protegrity offers a variety of protection methods that are suited to a wide variety of datatypes. Find out more by reading our e-book: Privacy by Design: Balancing Defence In-Depth With Advanced Analytics.