Technology is changing at a startling speed, revolutionizing the way we live and how we do business. As much as it has improved our efficiency at the office, it has also given another group the upper hand: criminals.
Phishing scams – where crooks attempt to gather sensitive personal information or access computer systems for nefarious purposes – are skyrocketing around the world. Over 50 percent of Internet users get at least one phishing email per day and as many as 1 in 245 emails are phishing attempts.
While many scams are targeted at consumers, there is increasing evidence that businesses of all sizes are at risk. And there is plenty to lose. Businesses that are swindled suffer direct financial losses, along with serious security breaches involving intellectual property, trade secrets and customer data.
It is not just the little guys who have been duped – victims of widespread phishing attacks include major media outlets such as the BBC and the New York Times. One American law firm lost over $335,000 after hackers gained access to its computer system and transferred cash to Russia.
Even the tech sector isn't immune, despite having workers well versed in the ways of the digital world. Facebook experienced a major security breach after employees visited a website that installed malware on their laptops. One study showed 27 percent of IT organizations have top executives or privileged users who have been fooled by malicious email attacks.
Would you or your employees be able to accurately spot a phishing email? Email is an important and valuable communication tool, so simply sending all messages to a spam or junk mail folder isn't a viable solution. That's why knowing what to look for is essential.
In most attacks, users will receive an email that appears to be from a legitimate source such as a bank, courier company or government agency. Often there will be a sense of urgency, with claims that a transaction may have failed or an important delivery is waiting to be made. While some messages contain spelling mistakes, grammatical errors or irregularities that tip off the user that the message is not genuine, others are picture perfect.
Almost always the user will be asked to download an attachment or click through a link to a website where requests are made for personal information or nasty software is installed to infiltrate the machine or network. Once hackers gain control they may utilize the compromised account to send malicious links to others within the organization, since we are more likely to trust an email that appears to come from someone we know.
But email is not the only avenue criminals are taking, as phishing attempts through social media are also on the rise. It is common to receive direct messages on social networks from people you know purporting to have seen a compromising photograph of you on the Internet, with a link for you to check it out. If you click, the crooks gain control of your account, a move that could create a public relations nightmare for any corporate entity. Mobile phishing, where users are sent text messages containing bad links, is also steadily increasing.
The problem is so widespread that security training firms have begun offering corporate phishing training. One popular approach is to set up an education campaign where employees are sent fake phishing emails. If they fall for the scam and click through the link, they are taken to a portal with information on how to prevent breaches and identify malicious emails. Experts say this method of hands-on training creates greater awareness than simply dictating information from the front of a boardroom or warning employees to be vigilant. Users trained in avoiding phishing scams fell for the ruse 42 percent less often than those who received no training at all.
With targeted attacks on the rise – businesses with fewer than 250 employees are the fastest-growing segment – employee vigilance and ongoing education will continue to be of the utmost importance. As technology advances, so will the attacks. To protect ourselves and our businesses, we need to be prepared. Chances are the con artists will always try to stay one step ahead.