Over 90% of all cyberattacks begin with email phishing. It’s a startling statistic, but it’s not a surprise: businesses send over 281 billion emails every day. Phishing attacks, which typically ask targets for sensitive information or to download malware, work because they prey on human nature—victims respond out of curiosity, a sense of urgency, even fear. Think of emails that ask for a financial wire or an employee’s W2 form, or emails that send attachments with information like invoices or schedules. These are compelling to any recipient—especially if they look legitimate and appear to be coming from someone within the company or a trusted partner—which is far too often the case with phishing emails.
Tough to Spot: The Rise of Sophisticated Phishing Attacks
Phishing attacks have become increasingly hard to identify. In the past, successful phishing attacks depended upon someone downloading a malicious attachment in an email. Earlier forms of phishing lacked personalization: the classic example was an email designed to look like it came from a major bank and prompting victims to share their login information through a fake link. Attackers would send this out to millions of people, ensuring that it would hit at least a few customers of that bank.
Business Email Compromise (BEC) attacks are a kind of phishing attack where the attackers have either gained access to a business’ email account or created a fake moniker designed to appear as if it came from within the business. In these cases, attackers impersonate key executives and direct actions to be taken. Attackers may inform customers that the business banking details have changed and invoices should be paid into a new account, or request that the CFO pay salaries to a new account.
BEC attacks often use personal information such as the target’s name, position in the company and work phone number. One sophisticated phishing technique actually analyzes and mimics past messages and attachments so that targets receive emails that look all too familiar. In one case, hackers emailed a member of an athletic team a malicious link disguised as a practice schedule.
Additionally, phishing attacks also thrive on personal concerns, often focusing on security alerts, password resets, and communications with high-ranking members of a company. 12% of the top-clicked phishing email subject lines concern security alerts and 7% concern password resets.
The increased sophistication of phishing attacks can have serious consequences for a business. Consider Leoni AG—the world’s largest manufacturers of electric cables—which in 2016 lost 40 million dollars in a matter of minutes, after the CFO opened a heavily personalized phishing email that appeared to come from a company executive. Standard SMS has also become a target with what has now become smishing attacks that echo phishing with similar intent. The point is – this can happen very fast, and it can happen to anybody at any company.
Secure Communications – Protecting Yourself from Phishing
When businesses send updates regarding password resets, infrastructure upgrades, or security alerts via non-secure channels they become targets for malicious actors to mimic when launching phishing attacks. It can then become difficult for employees to differentiate between real alerts and phishing attacks. The sophistication behind phishing attacks today means that businesses need a secure means of communicating other than email or SMS text for sensitive conversations and vulnerable information.
Vaporstream’s secure communications platform allows businesses to communicate efficiently without having to worry that their messages could be intercepted or duplicated. Secure IT communications, as well as other sensitive communications, can be transmitted through our secure platform to ensure security and confidentiality. Vaporstream works outside of your network, therefore ensures communication even during a breach, DDoS attack or outage. You can keep everyone in the loop while you respond to the incident– except the attacker. Employees can also more easily recognize and immediately delete phishing emails with secure IT communications in place.
To learn what makes Vaporstream secure and how we can help you protect yourself from phishing attacks download our datasheet here.
Contributor: Kristi Perdue Hinkle