In a world where we are always connected, most of us check emails habitually anywhere, at any time. According to the Washington Post, we spend nearly 60% of our careers checking and sending emails. If over half of your time is spent on email, imagine how many phishing emails you’re exposed to during that time. Even the most sophisticated spam filters and firewalls out there can’t protect from all phishing attacks. The problem is so prevalent that even the FBI is tracking these emerging financial cyber threats called Business Email Compromise (BEC).
Educating yourself and your employees on how to identify cyber security attacks is extremely important, and typically the most overlooked form of defense. If your users can confidently identify phishing attacks and other forms of social engineering along with the other properly configured layers of security, your organization will have a significantly lower chance of being involved in a costly cyber attack.
Types of Phishing Attacks
Phishing attacks come in all different flavors. Some are generic emails with bad spelling and vague messages. Others might try to trick you into opening a file or taking you to a website to enter your personal/work credentials. Some attempts may target a specific user or organization and do so using specific information rather than something generic. Below are a couple examples of phishing variations.
- Phishing – In general, phishing is the fraudulent practice of sending emails that appear to be from a reputable source to obtain personal information, such as passwords and credit card numbers.
- Spear-Phishing – Spear-phishing is when a threat actor constructs a phishing attack specifically targeting a group of people. Instead of using something very generic they’ll use tactics more in line with the company’s day to day business operations.
- Whaling – Whaling is a specialized version of spear-phishing which targets high-level individuals including, but not limited to, Partners, Presidents, CIOs, and CEOs of organizations.
Phishing Email Example
What really sets the hook on users during phishing scam attempts isn’t just the fact the email looks real, but that they come with a sense of urgency or threat attached. Here is a prime example of a phishing attempt that claims to be from Office 365. Notice how odd the domain address looks and even the user address looks off. The body contains a threat of account closure and a link to what is likely a phishing website built to harvest credentials.
The Cost of Securing Your Organization
Email is a great tool that allows us to do so much in real time. Unfortunately, there are cybercriminals exploiting technology for their own personal gain. According to the FBI, losses due to BEC in organizations are beyond $12.5 billion to date, with the average cost of a data breach reaching $3.9 million.
The yearly cost to continually educate your current and new employees? In most cases, it would cost below 1% of the average amount of a data breach and save you time, resources and immense damage to your brand. The Anders Technology Services Group is here to help protect your business from cyber security attacks that could cost you time and money. Our team can implement a cyber security training program within your company to educate employees on the latest best practices to avoid cyber attacks. Contact an Anders advisor to learn more.