In the current age, where most work is done remotely, the number of criminal cyberattacks has increased, especially those based on social engineering. Companies with an established security program often pay little attention to attacks that rely on human error, but these seemingly harmless attacks are dangerous tools in the armory of a determined fraudster.
Phishing is a social engineering trick in which the fraudster poses as a service provider or as a person you already know. The aim is to make you click a link that installs malware, or to make you enter sensitive information such as login credentials, which gives the attacker a foothold for the next stage of the attack.
Today most phishing attacks are directed at organizations rather than individuals. Frequently cited statistics put the share of security incidents suffered by companies that involve phishing at around 90%. If an organization with a weak security posture falls prey to such an attack, it suffers not only financial and reputational loss but also a loss of customer trust.
To gauge the level of awareness in a company's financial department, the department members' email addresses were collected and an email signed in the company's name was sent to them. The email announced that a new reporting system was being introduced for the financial department and that registration was compulsory.
The email contained a link leading to a site set up by the tester playing the attacker, where recipients were instructed to log in with their corporate email account. By the end of the test about 75% of the recipients had clicked the link and over 20% had also entered their credentials, which, had the attack been real, would have given the attacker access to their corporate correspondence.
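As an added illustration of how such a test is tracked (example code written for this page, not part of the original test), the following Python gives each recipient an unguessable per-recipient token, so the landing page can attribute clicks and credential submissions to individuals without putting addresses in the URL, and then computes the click and submission rates from the landing-page log. The campaign secret, the landing URL, the recipient list and the log lines are all constructed for the example.

```python
import csv
import hashlib
import hmac
import io
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed for this example: in a real exercise the secret comes from
# secrets.token_bytes(32) and is never placed in the mail template, and the
# landing host is a domain the security team controls.
SIM_SECRET = b"constructed-campaign-secret-do-not-reuse"
LANDING_URL = "https://reporting-system.example/register"  # hypothetical host


def tracking_token(recipient: str) -> str:
    """Unguessable per-recipient token. Keying an HMAC with the campaign
    secret means nobody can derive a colleague's token from the address,
    and the token itself carries no personal data."""
    mac = hmac.new(SIM_SECRET, recipient.strip().lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:20]


def tracking_link(recipient: str) -> str:
    """The link embedded in the mail sent to this recipient."""
    return f"{LANDING_URL}?t={tracking_token(recipient)}"


def resolve_token(token: str, recipients: Iterable[str]) -> Optional[str]:
    """Map a token from the landing-page log back to a recipient."""
    for r in recipients:
        if hmac.compare_digest(tracking_token(r), token):
            return r
    return None  # forged, mistyped or tampered token


def campaign_metrics(recipients: Iterable[str], event_log_csv: str) -> Dict[str, float]:
    """Unique clickers and submitters from a CSV log (timestamp,token,event).
    Repeated events from one person count once; a submit implies a click."""
    recipients = list(recipients)
    clicked, submitted = set(), set()
    unknown = 0
    for row in csv.DictReader(io.StringIO(event_log_csv)):
        who = resolve_token(row["token"], recipients)
        if who is None:
            unknown += 1
            continue
        if row["event"] == "click":
            clicked.add(who)
        elif row["event"] == "submit":
            clicked.add(who)
            submitted.add(who)
    n = len(recipients)
    return {
        "recipients": n,
        "clicked": len(clicked),
        "submitted": len(submitted),
        "click_rate": len(clicked) / n,
        "submit_rate": len(submitted) / n,
        "unknown_tokens": unknown,
    }


# Constructed sample data: eight finance-department addresses and the kind of
# landing-page log such a test produces (six people clicked, two of them also
# typed a password, and one request carried a token that matches nobody).
FINANCE_DEPT = [f"{u}@example.com" for u in
                ("alice", "bob", "carol", "dave", "erin", "frank", "grace", "hank")]
_EVENTS: List[Tuple[str, str]] = [
    ("alice", "click"), ("alice", "click"), ("bob", "click"), ("bob", "submit"),
    ("carol", "click"), ("dave", "click"), ("dave", "submit"), ("erin", "click"),
    ("frank", "click"),
]
SAMPLE_LOG = "timestamp,token,event\n" + "".join(
    f"2024-01-15T09:{i:02d}:00,{tracking_token(u + '@example.com')},{ev}\n"
    for i, (u, ev) in enumerate(_EVENTS)
) + "2024-01-15T10:00:00,0123456789abcdef0123,click\n"

if __name__ == "__main__":
    print(tracking_link(FINANCE_DEPT[0]))
    for key, value in campaign_metrics(FINANCE_DEPT, SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Counting unique people rather than raw requests matters: one curious recipient reloading the page would otherwise inflate the click rate, and the count of unknown tokens tells you whether someone forwarded or edited the link.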
When cybercriminals decide to attack a particular company they research it carefully so that the emails they prepare do not raise suspicion. They usually stick to the following rules:
- The email must contain accurate, verifiable facts about the target
- The sender must create a sense of urgency or excitement
- The sender must address a specific person or group of people in a logical and accurate manner, by name and role
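Read from the defender's side, the same rules become indicators that can be checked mechanically. As an added example (not from the original article), the following Python flags a message whose display name claims the company while the address sits on a lookalike domain, whose Reply-To differs from From, whose link text shows one domain while the href leads to another, and whose body uses pressure language. The corporate domain example.com, the keyword list and the two sample messages are assumptions constructed for the example, and the parser handles single-part messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed for this example: the organization's own mail domain and a short
# list of pressure phrases; a real filter would carry a much richer list.
CORPORATE_DOMAIN = "example.com"
URGENCY = re.compile(r"\b(immediately|urgent(?:ly)?|compulsory|mandatory|"
                     r"within 24 hours|will be suspended)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Crude registrable domain: the last two labels (no public-suffix list here)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_lookalike(host):
    """Not our domain, but within two edits of it or embedding its name."""
    d = registrable(host)
    return bool(d) and d != CORPORATE_DOMAIN and (
        edit_distance(d, CORPORATE_DOMAIN) <= 2
        or CORPORATE_DOMAIN.split(".")[0] in host.lower())

class _Links(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(raw_message):
    """Return (indicator, detail) pairs for a single-part message; [] if clean."""
    msg = message_from_string(raw_message)
    found = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    if from_dom != CORPORATE_DOMAIN and CORPORATE_DOMAIN in name.lower():
        found.append(("display-name-spoof", f"'{name}' sent from {from_dom}"))
    if is_lookalike(from_dom):
        found.append(("sender-lookalike", from_dom))
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:
        found.append(("reply-to-mismatch", f"{from_dom} -> {reply_dom}"))
    body = (msg.get_payload(decode=True) or b"").decode(
        msg.get_content_charset() or "utf-8", "replace")
    m = URGENCY.search(body)
    if m:
        found.append(("urgency", m.group(0)))
    links = _Links()
    links.feed(body)
    for href, text in links.links:
        host = urlparse(href).hostname or ""
        shown = urlparse(text).hostname if "://" in text else None
        if shown and registrable(shown) != registrable(host):
            found.append(("link-text-mismatch", f"shows {shown}, goes to {host}"))
        if is_lookalike(host):
            found.append(("link-lookalike", host))
    return found

# Constructed sample messages (not real mail): one modelled on the test mail
# described above but sent from a lookalike domain, and one legitimate message.
SUSPICIOUS_MAIL = """From: "example.com Finance Reporting" <noreply@examp1e.com>
Reply-To: helpdesk@mail-examp1e.com
To: alice@example.com
Subject: New reporting system - registration is compulsory
Content-Type: text/html; charset="utf-8"

<p>Dear Alice,</p>
<p>Registration for the new financial reporting system is compulsory and
must be completed immediately using your corporate email account.</p>
<p><a href="https://reporting.examp1e.com/login">https://reporting.example.com/login</a></p>
"""

BENIGN_MAIL = """From: "Finance Reporting" <reporting@example.com>
To: alice@example.com
Subject: Q3 figures
Content-Type: text/html; charset="utf-8"

<p>The Q3 figures are on the <a href="https://intranet.example.com/reports">intranet</a>.</p>
"""
```

None of these checks is proof on its own; what a reviewer, or a mail filter, reacts to is several of them appearing together in one message, exactly the combination the attacker's rules above produce.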
Two-step login (two-factor authentication) is a very effective measure: besides the password, the user must present extra authentication evidence to access the corporate system, usually a one-time code from an authenticator app or one sent by SMS or email. Two caveats apply. A code sent to the very mailbox whose password was just phished offers little protection, and any one-time code can be relayed by an attacker who is phishing in real time, so for high-value accounts prefer phishing-resistant methods such as FIDO2/WebAuthn security keys, which bind the login to the genuine site.
Enforce unique passwords: tell your employees to stop reusing the same password across several applications, so that credentials captured on one phishing page cannot be tried against everything else.
Arrange a training program in which employees learn how to tell phishing emails from legitimate ones and where to report them.
Cybercriminals use tricks that are often very subtle to gain access to your systems, and for a successful phishing attack they first gather information about the company and its employees. That is why preventive measures are far more effective, and spare you a big headache, than reactive measures, which cost a fortune in hectic times.