75% of organizations around the world experienced some kind of phishing attack in 2020. Here's how to fight the phish.
Phishing. Vishing. Smishing. Spear phishing. Whaling! Pharming! Your service is expiring! Dear Sir and/or Madam! You have 1 new fax. Past due invoice! Your account will be deleted, this is an important message regarding your automobile warranty, uncollected funds, please review the attached- Ding!
You've Got Mail.
Every day you get mail. From coworkers and colleagues. From family and friends. From the PTA and the IRS and the Social Security Administration. More than 306 BILLION emails were sent per day in 2020! 1% of those 306 billion emails were penned by “bad actors”. That comes out to 3 billion emails a day, every day, that are sent with the sole purpose of separating you from your data.
And data is costly.
It is estimated that businesses worldwide lose more than $17,000 every minute due to phishing attacks! Approximately 20% of all employees can be expected to click on malicious links! More than half of that 20% of link-clickers will then submit their credentials via a phishing website. The global average cost of a data breach is currently $4.24 million. And the most expensive cause? You guessed it, phishing!
So, what can you do? How can you fight the phish?
Know Thy Enemy
Although the tactics have evolved in an attempt to outpace our cyber awareness, there are tell-tale characteristics which can be used to identify phishing in all its forms.
Generic greetings, regards, and salutations
Spelling errors
Poor grammar
The logo of a well-known brand looks slightly off
A sense of urgency, communicated through barely veiled threats of account deactivation or impending legal action over an unpaid invoice with an updated routing number. They are urging you to click, to download the attachment, to verify your banking info.
These are all dead giveaways, and with today’s security experts and AI-based monitoring platforms, the majority of phishing attempts are blocked before they reach your inbox. And yet sometimes, a finely crafted phish makes its way downstream. It gets past the pattern-matching algorithms put in place by your ISP. It leaps over your next-gen firewall. There are no matches found on your server’s Block List and it swims through the holes of your spam filter. Ding!
You’ve got mail.
Now it’s time to truly fight the phish. This is when you need to employ the greatest weapon in the battle against these bad actors: yourself. You’ve attended the security awareness training led by the specialists at Intelligent CloudCare. They’ve armed you with the skills required to identify even the craftiest of phishing attempts. You now understand the value of your data and the importance of each keystroke.
Your training kicks in.
You notice that the Sender and the From address do not match up. You hover over the Sign On button and see that the URL will bring you to a MicroSaft landing page. You report the phishing attempt to your IT team, and they’ve also been trained by Intelligent CloudCare. Their risk remediation process is triggered; the domain is blocked, message traces are running, recipients are identified…
Another email is received, but this time it’s from the good guys, the IT department, and they’re appreciative: “This is not a legitimate request from a client. Thank you for bringing this to our attention.”
And that’s how you fight the phish.
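For the IT team on the receiving end of that report, the two checks from the story (a Sender that does not match the From address, and a Sign On link that leads to a near-miss of a known brand) can be automated. The sketch below is an added example, not code from Intelligent CloudCare; the sample message, the .example domains, the BRANDS list and the distance threshold of 2 are all assumptions made for illustration.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRANDS = {"microsoft"}  # assumption: brand labels your users sign in to
# Constructed sample message for illustration; all domains are placeholders.
SAMPLE = """\
From: "Client Billing" <billing@client.example>
Sender: mailer@bulk-relay.example
Content-Type: text/html

<a href="https://login.microsaft.example/signin">Sign On</a>
"""

class LinkHosts(HTMLParser):  # collects the real host behind every <a href>
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlparse(href).hostname or "").lower())

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check(raw):
    msg = email.message_from_string(raw)
    findings = []
    from_dom, sender_dom = domain_of(msg["From"]), domain_of(msg["Sender"])
    if sender_dom and sender_dom != from_dom:
        findings.append(("sender_mismatch", from_dom, sender_dom))
    parser = LinkHosts()
    parser.feed(msg.get_payload())
    for host in parser.hosts:
        label = host.split(".")[-2] if host.count(".") else host  # naive; no Public Suffix List
        for brand in BRANDS:
            if label != brand and edit_distance(label, brand) <= 2:
                findings.append(("lookalike_link", host, brand))
    return findings
```

A Sender that differs from From is also normal for mailing lists and bulk-mail services, so treat that finding as a reason to look closer rather than as a verdict.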