Phishing Scams: Don’t Take the Bait

What Are Phishing Attacks?

Phishing scams are emails, text messages, or phone calls that seem trustworthy but are actually designed to steal your personal information or trick you into downloading malware. The goal of the phisher is to compromise your network or data.

How Do They Work?

Phishing attacks work because they disguise their messages or web pages as coming from a trusted source. As a result, you believe the request is real, which prompts you to take an action such as clicking on a bad link or giving up information.

As a social engineering scheme, phishing works very well. People tend to trust messages they believe come from legitimate sources. Does that mean businesses are losing the war against phishing? A few studies would seem to suggest so.

What the Surveys Have To Say

A recent Cloudian survey found that 65% of victims, regardless of the anti-phishing training for their employees, reported phishing as the entry point for ransomware. That’s not all. 

Ivanti recently published a study surveying 1,004 IT professionals about their experiences with phishing scams. It showed that 74% of companies have been tricked by phishing in the last 12 months, and 40% of these companies became victims in the last month alone.

Ivanti’s study reported that 80% of those who completed the survey stated that the volume of phishing attempts had increased. Further, 85% of those surveyed reported that these attempts were more sophisticated and therefore harder to detect.

In the USA alone, the FBI recorded a total loss of $3.5 billion USD in 2019 to both businesses and individuals as a result of phishing attacks.

What Caused This Increase in Phishing Attacks?

Due to the coronavirus pandemic, there has been a massive increase in remote workers. This gave hackers and scammers a larger opportunity to scam users more easily with new phishing scam designs. Smishing scams arrive as text messages, whereas vishing scams are voice-call phishing attempts.

Further, these scams reach the user because remote workers have less IT security. A home’s WiFi is commonly less secure than a company’s network, which makes it easier for hackers to gain access to your information. Plus, with more people working on mobile devices (and using public WiFi), a hacker can easily target your device with phishing.

Why You Should Worry About Phishing Scams

Ransomware and Business Email Compromise (BEC) often use phishing as their entry point to access your network and data. The Cloudian study reported by ZDNet found that 25% of all survey respondents said their ransomware attacks started through phishing. That number grew to 41% for businesses with fewer than 500 people. Also, Cloudian found that the average cost to an organization was $500,000 USD.

How To Prevent Phishing Scams

These studies make it seem like fighting phishing scams is a losing battle. But there are steps your organization can take to lessen the impact and severity of attacks.

  • Ongoing employee cyber awareness training is still important. All employees, from the CEO to the receptionist, must be trained to have the best chance of success.
  • Use endpoint management software that includes on-device threat detection and phishing detection
  • Make use of the best technology you can afford to identify and remedy threats (e.g. artificial intelligence, machine learning and/or automation)
  • Eliminate passwords in favour of biometrics or enable multi-factor authentication to eliminate the threat from easily guessed or stolen passwords

QuickProtect Can Help

Having a partner in your corner like QuickProtect can help keep your network and data secure from scammers and hackers.

Learn more about how our services can help you win the battle against phishing threats.