Phishing attacks have been around since the 1990s, but they’re still causing trouble for SMEs across the globe. All it takes is one misplaced click from an unwary employee to give attackers the keys to your most sensitive data, or cause mass service outages.
It's crucial to understand how phishing scams work, so you can educate your employees and protect your business against potential attacks.
What is phishing?
Phishing is one of the oldest cyberattacks in the book. Essentially a confidence trick, phishing typically involves an attacker communicating with their intended victim via email, social media or even by phone.
Corporate phishing attacks are either fired out scattergun-style to reach as many users as possible, or aimed at specific members of your team. Often, the email or online message is a spoof that appears to come from a reputable source. Traditionally, the scam asks your users to provide personal details, such as corporate logins, giving attackers access to your network.
Another tactic involves tricking your user into clicking on a malicious link or opening an attachment. This, in turn, could download covert malware with the goal of either stealing sensitive corporate information or, if it’s ransomware, locking you out of your own systems until you pay a ransom.
Recently, attackers hijacked LinkedIn accounts to send authentic-looking direct messages containing phishing links. They have even begun taking over corporate Office 365 accounts and sending phishing emails from within the company, making the message look like a so-called 'insider' attack.
A global threat
Phishing is a growing problem for SMEs across the globe. According to a recent PhishLabs report, phishing volume has grown by more than 33 per cent on average across the five most-targeted industries, with the U.S. accounting for more than 81 per cent of all attacks.
Things are no different in Australia, with more than 20,000 phishing reports filed with the Australian Competition & Consumer Commission since the start of 2017.
One of the biggest scattergun phishing attacks happened just recently when a sophisticated Gmail-borne campaign attempted to hijack global email accounts en masse. One security firm observed more than 3,000 organisations compromised in just a matter of hours.
So, what can your business do to ensure it doesn’t fall victim to such an attack?
Safeguarding your business
End-user education is critical to protecting your company against phishing.
Train your staff to spot the warning signs of an attack, such as spelling mistakes, unfamiliar greetings and other inconsistencies in digital correspondence. Teach employees to treat all unsolicited emails with suspicion and never click links or open attachments without first checking with the sender.
Make sure you also invest in adequate security software that includes anti-phishing filters. Keep in mind that this will minimise, but not eliminate, hoax emails.
Ultimately, phishing is a risk that cannot be eliminated, and, like any other danger, SMEs simply need to remain vigilant against it. However, by familiarising yourself with the warning signs and addressing such attacks as part of a comprehensive cybersecurity strategy, you’ll help prevent your business from becoming a victim.