Find out why hackers are using phishing email scams and how to detect them and warn your employees
Businesses are embracing technology and relying more heavily on the web for communications — attracting cybercriminals with new attack methods. Phishing is a tactic defined by the U.S. government as an online scam that targets users by sending emails that appear to be from a well-known source. The sender could be posing as the CEO of your company or even as a business you frequently use such as Microsoft or Amazon.
Even tech giants Facebook and Google suffered a phishing attack lasting more than two years in which a cybercriminal posed as a large Asian-based manufacturer they regularly did business with. The criminal conned Facebook and Google out of $100 million using fake corporate stamps, email addresses, and invoices.
Businesses of all sizes are targeted. An SMB can suffer from downtime, lost revenue, loss of trust, stolen data, and more due to phishing. There could be more severe consequences, as SMBs often don’t have resources to remediate an attack. According to a 2016 survey sponsored by Cloudmark, the average cost of handling a phishing attack on a mid-sized organization is $1.6 million. An even worse figure, reported by Deloitte, states that one in every three consumers will actually drop your company after it suffers a cybersecurity breach.
What is the main goal of phishing?
Hackers use phishing to:
Obtain your personally identifiable information (PII) or business data
Upload malware or ransomware to your device(s)
Impersonate a trusted person or business to request money
This allows them to:
Exploit your data for money
Encrypt or destroy your data
Steal passwords, usernames, and more
All it takes is for an employee to:
Click a malicious link or attachment
Enter sensitive information
Fall for a false corporate email or stamp
How can you spot phishing emails?
Look for the following suspicious elements when opening your next email.
What to do if you suspect a phishing attack
Ask yourself — Do I know this person or this company contacting me?
If yes, contact the person or company by phone or by going to the company website. Do not click any links or download any attachments.
If no, go back and review the tips for how to recognize phishing. If you see the signs, report the message to the email provider as spam and delete it. Warn other employees if it’s a business email domain.
New signs scammers are targeting SMBs
Users of Software-as-a-Service (SaaS) and webmail services – common SMB tools – are now being targeted more than any other group, according to the Anti-Phishing Working Group. The category became the biggest target for the first time in Q1, accounting for 36% of all phishing attacks.