Phishing, this is how it works:
You open your email and suddenly an alert, for example from your bank, appears in your inbox. When you click the link in the email, you are taken to a webpage that looks (more or less) like your bank's — but it is actually designed to steal your information.
The alert will say there is a problem with your account, and ask you to confirm your login and password. After entering your credentials on the page that appears, you are usually sent to the actual institution to enter your information a second time.
By steering you to the legitimate institution, you don't immediately realize your information was stolen.
There are a wide range of damages that are being realized by phishing, the most common:
Recent Phishing Attacks
WannaCry May 12, 2017
WannaCry exploited a weakness in Microsoft’s operating systems to deliberately infect computers. When the worm was infiltrated, it encrypted the infected operating systems, rendering them unusable. The hackers subsequently demanded a ransom for unlocking the encryption. Small businesses void of up-to-take IT infrastructure were particularly exposed to the WannaCry attack.
impact of 4 billion dollar worldwide
(non) Petya June, 2017
The Petya ransomware attack hit businesses, preventing victims from accessing their data until they paid €300 in bitcoin. The ransom ware exploited vulnerabilities in Microsoft systems. Shipping company Maersk was a victim of cybercrime and has said, following the attack, it has put “different and further protection measures” in place.
impact of 900 million dollar worldwide
Shadow Brokers August, 2016
Hacking group Shadow Brokers first surfaced in August 2016, but in April 2017 the group made its most impactful release yet. The attack comprised of a trove of alleged NSA tools, including a Windows exploit known as ExternalBlue.
impact of billions of dollars worldwide
IRS Spear-Phishing Scam January, 2017
At the beginning of 2017 tax season in the United States, a spear-phishing attack circulated. The W-2 Phishing scam involved cyber criminals sending out fake emails. The hackers deliberately made the emails look like they were being sent from corporate executives. The fake emails requested the personal information of employees for purposes related to tax and compliance. By the middle of March 2017, the phishing scam had compromised more than 120,000 employees at more than 100 different organizations.
impact on 29.000 American tax payers
How to Protect
Companies spend millions and millions on the best technology in the world, but regardless of what you pay for it, this will not stop your company from being susceptible from cybercrime nor phishing.
The recent WannaCry and (non) Petya attacks have proven just how fragile business IT infrastructure can be.
The first line of defence against cybercrime are the employees: they are the key to protect the company.
Creating awareness with your employees is the best shot in tackling cyber threats as early in the chain as possible. It starts all with awareness.
The very first thing you can do to protect yourself and your company by not being hacked by phishing is employ common sense before handing over sensitive information.
Ensuring your employees understand the signs of phishing is the most important defense against any attack. You can now do this with venclave!