Security Alerts: Phishing or Business Email Compromises

Recently, the FBI issued a public service announcement warning businesses about the rising number of phishing or business email compromises. Phishing is not a new concept. However, these scams are becoming increasingly sophisticated – so much so that since January 2015, the total losses due to business email compromises have skyrocketed to $3.1 billion. This reflects a 1,300% increase in reported losses.

What is phishing?

Phishing is a scam in which email messages are carefully crafted to appear to come from credible and well-known enterprises. The purpose is to get the recipient(s) to:

  1. release personal information that will be used for identity theft, AND/OR
  2. download malware onto their workstations.

 


The following covers 3 phishing attacks that are becoming more common: 

1. CEO Frauds

This is a scam that impersonates a high-ranking executive – e.g. your boss, your director or even your CEO – to direct transfers of funds or other similar activities. This scam involves researching the organisation’s structure.

In April, there was a 270% increase in CEO frauds since the start of 2016. Toy maker Mattel was a victim of this attack in 2015 – the attackers almost got away with $3 million. Basically, this scam hinges on the assumption that employees will not question email directives from a high-ranking executive – especially when terms like “Requests” and “Urgent” are used in the email.

What do you do when you’ve been phished? Find out more here.


2. Ransomware

Another type of phishing attack hides malware within the email content. Clicking on links or downloading content contained within the email installs this malware. Once installed, the malware is able to encrypt your data or restrict access to your computer.

Your data is valuable to your company – and now, it’s held for ransom. According to research conducted by PhishMe, 93% of phishing scams during March 2016 were used to distribute ransomware. Ransomware is getting easier to distribute and it provides an easier and faster means for quick cash returns.



3. Soft Targeting

These are attacks that target specific individuals based on their job scope. Hackers observe these individuals and their roles in order to customise an email that appears more credible to them. Such emails might include billing, shipping or job application content.


 


 

Author

Nora Fong
