While a tiny fraction of attacks relies on exploit kits and known software vulnerabilities to compromise systems, the vast majority of campaigns, 99%, require some level of human input to execute. These interactions can also enable macros, so malicious code can be run.
Sometimes it seems easy to blame users for falling victim to phishing attacks, but campaigns are becoming increasingly sophisticated. It’s often difficult to distinguish a malicious email from a regular one because attackers will tailor attacks to look as if they come from a trusted source, such as cloud service providers like Microsoft or Google, colleagues, or even the boss.
Social engineering is the key element in mimicking your routines as a business and ensuring their best-chances of success. If a user might be suspicious of ANY email, claiming to be from a colleague arriving at 10:00 PM your time, instead your working hours are when these campaigns hit, creating spoofs of legitimate emails, from well-known brands with the hopes of you interacting with it, and set off an attack.
No Geek Speak
Let’s get real for a moment here – phishing is one of the cheapest, easiest cyberattacks for criminals to learn, buy, and deploy. Just a few weeks ago, the FBI noted that Business Email Compromises are the leading attack vectors. The reason it continues to remain at the height of its potential is due to the large volume of interaction they receive. Put simply, phishing works and it can be difficult for many to implore the proper expertise when securing email systems and policies.
Although many attacks are designed to look legit, there are still ways to identify what could be a malware attack, just under your nose. If in doubt, contact the “supposed” sender of the sender to test its legitimacy. It’s worth noting that cloud providers like Microsoft, Amazon, and Google won’t ask you to click through weird looking links/URLs that ask for credentials. If one of your colleagues or yourself find something that appears suspicious, just close the email and go directly to a browser. Make sure you go directly to their website and login to check any alerts or notifications in online portals, not through email links.
Phishing by the Numbers
- 74% of respondents say email attacks are having a major impact on their businesses. The most common effects cited were loss of employee productivity, downtime and business disruption, and damage to the reputation of the IT team.
- 78% of organizations say the cost of email breaches is increasing.
- Spear phishing is becoming more widespread: 43% of organizations have been the victim of a spear-phishing attack in the past 12 months.
- More than three-quarters of organizations say their employees aren’t good at spotting suspicious emails.
- 66% claimed that cyber-attacks have had a direct monetary cost on their organization in the past year. Nearly a quarter of respondents advised that attacks have cost their organization $100,000 or more.
- 92% of Office 365 users have security concerns.
- 79% of IT professionals said they are worried about attacks and breaches stemming from inside the organization.
- 94% of organizations say employees are reporting suspicious emails to IT on a daily basis, but 58% say most emails reported to IT aren’t fraudulent.
It’s our responsibility, as the Bay Area’s #1 Managed Service Provider, that we ensure software updates, and security patches are applied regularly, in the case of someone clicking a link, malware can’t rely on any known vulnerabilities. Cybersecurity and technology are going to continue leading the changes, found in today’s business climate. Talk to a Clare Computer Solutions, expert today for a no-obligation meeting, to find out where you stand in today’s cyber-climate.