People are your best defense against phishing attacks and other cybercrimes, but you must educate them or they can be your greatest vulnerability.
As indicated by the headlines below, phishing – the activity of defrauding an online account holder of financial and/or personal information by posing as a legitimate company or institution – and its criminal sidekicks, spearphishing (targeted phishing) and whaling (targeted phishing at high-profile individuals), are among the most popular forms of malware.
Phishing involves sending out fake emails or directing recipients to a fake website where they are tricked into entering account information, which can result in loss of personal or corporate data, breaches or worse. You may recall some of these stories from 2016:
GoDaddy customers target of phishing scam
Brutally efficient phishing scam takes advantage of PayPal's awfulness
Dropbox breach may be fueling phishing campaigns
American Express customers phished using phishing prevention scam
Yahoo breach leaves more than 1 billion accounts compromised
According to a recent report from the Anti-Phishing Working Group (APWG), phishing surged by 250 percent in the first quarter of 2016. The anti-cybercrime coalition observed more phishing attacks in Q1, including detecting a record 289,371 unique phishing websites, than in any other three-month span since it began tracking data in 2004. “Globally, attackers using phishing techniques have become more aggressive in 2016,” said Chairman Dave Jevans in the APWG release, “with keyloggers that have sophisticated tracking components to target specific information, and organizations such as retailers and financial institutions that top the list.”
The US continued to be the nation hosting the top number of phishing sites, while China was the most malware-infected country. The retail industry was the most targeted sector.
In addition to its growing popularity, phishing is also changing into a much more dangerous threat. As of the end of March, 93 percent of all phishing emails contained encryption ransomware, which represented a huge spike, up from 56 percent in December 2015. The number of phishing emails hit 6.3 million in Q1, a 789 percent jump over the fourth quarter.
An integral component of phishing is social engineering. Humans are the weakest links in any security chain and it is generally much easier to fool someone into revealing their password than it is to hack it. Phishers appeal to people’s vanity, greed, curiosity, altruism, or respect for or fear of authority in order to steal information or allow access to an IT system.
People are the weakest link in security, and that’s especially true when it comes to phishing. According to a recent German study, almost 50 percent of the 1,700 test subjects clicked on links from strangers in emails and Facebook messages – even though 78 percent of them claimed to be aware of the risks. “It is commonly recognized that normal, everyday users just trying to get their work done can be the weakest links in the digital security chain,” said Khushbu Pratap, principal research analyst at Gartner.
Phishing can be very complex, but defeating it need not be. The secret is simple: practice safe computing and you won’t have to worry about becoming another phishing victim.