Cybersecurity Snapshots #1 - Phishing Attacks Are Becoming More of a Problem For Organizations
Research and experience have shown that businesses and individuals need to take phishing attacks more seriously. Phishing is defined as a type of cyberattack that primarily uses email as a weapon. The goal of a phishing attempt is to trick the email recipient into believing that the message contains something they want or need. Examples include emails that appear to come from an individual's bank or from someone in their company; some of these emails contain a link to click on or an attachment to download. Phishing is one of the oldest types of cyberattack, dating back to the 1990s. It is still one of the most widespread forms of attack, and phishing messages and techniques are becoming increasingly sophisticated.
In a recent study about phishing attacks, researchers found that the total number of phishing sites detected from July through September 2019 was 266,387. This was up 46 percent from the 182,465 seen in the second quarter of 2019, and almost double the 138,328 seen in Q4 2018. This was the worst period for phishing that the researchers have seen in three years, since the fourth quarter of 2016. In addition to the increase in phishing volume, the number of brands that were attacked by phishers in Q3 was also up. The researchers saw attacks against more than 400 different companies per month in Q3, versus an average of 313 per month in Q2. The top targeted industries are largely consistent with previous quarters. Webmail and SaaS sites remained the biggest targets of phishing.
BEC (Business E-mail Compromise) attacks remained highly damaging. These attacks target employees who have access to company finances or valued data assets. Adversaries usually conduct a spear phishing attack and try to trick employees by sending them emails from fake or compromised email accounts. According to the researchers, 40 percent of BEC attacks use a domain name registered by a scammer. These domains are often variations of a trusted, existing company name, meant to fool unwary individuals. Unfortunately, employees do fall for these attacks, and the average amount of money that was wire transferred from victims tricked by the emails was $52,325. This study shows why phishing attacks need to be seen as a big issue and brought to the attention of more of the public and of company employees.
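
A mail gateway or triage script can flag the kind of lookalike sender domain described above before a person has to spot it. The following is an added example, not code from the study or from this article; the trusted domains, the substitution table, and the shortcut of treating everything before the last dot as the registered name are assumptions made for illustration.

```python
import re

# Constructed values: domains the organisation considers its own or its partners'.
TRUSTED = {"example-corp.com", "examplebank.com"}
# Illustrative, non-exhaustive substitutions used to imitate a trusted name.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]

def skeleton(label):
    """Reduce a name to a canonical form so visually similar names compare equal."""
    label = label.lower().replace("-", "")
    for seq, canon in CONFUSABLES:
        label = label.replace(seq, canon)
    return label

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Extract the domain part of the address in a From header value."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return m.group(1).lower().rstrip(".") if m else None

def classify(from_header, trusted=TRUSTED, max_distance=2):
    """Return (verdict, trusted_domain_it_matches_or_imitates)."""
    domain = sender_domain(from_header)
    if domain is None:
        return ("unparseable", None)
    for good in sorted(trusted):
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    name = skeleton(domain.rsplit(".", 1)[0])  # assumption: single-label TLD
    for good in sorted(trusted):
        good_name = skeleton(good.rsplit(".", 1)[0])
        if name == good_name or edit_distance(name, good_name) <= max_distance:
            return ("lookalike", good)
    return ("unrelated", None)

if __name__ == "__main__":
    for h in ["CFO <cfo@exarnple-corp.com>", "billing@examp1ebank.com"]:  # constructed
        print(h, "->", classify(h))
```

A "lookalike" verdict is a reason to quarantine or banner the message and verify any payment request through a separate channel, not proof of fraud on its own.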
In another study that surveyed cyber professionals, social engineering via email was most likely to be perceived as a growing threat (55% of respondents reported seeing an increase in July/August 2019). This was followed by DDoS attacks and ransomware (both 54%) and general phishing (53%). Cyber professionals agree that phishing attacks are on the rise, and that steps need to be taken to make sure more businesses and individuals do not fall for phishing attempts, since the number of phishing attempts grows each year.
Studies have shown that the best way to prevent individuals and businesses from being affected by phishing attempts is through education. Once an employee or individual knows how to spot a phishing attempt, they are less likely to fall for it.