54% of Western European IT directors have reported instances of employees falling victim to phishing emails by Paolo Sartori


New research by Sapio has shown that 54% of the 900 Western European IT directors sampled reported instances of employees replying to phishing emails or clicking on links within unsolicited emails. A single such click can put a whole company's data at risk.

Phishing emails are a common method used by cyber-criminals to distribute malware or harvest sensitive data. The technique preys on human error: the emails are usually well disguised as messages one might regularly receive. They have been used to trick people into moving money into rogue bank accounts or divulging sensitive information, and to lure recipients into downloading malware hidden behind a seemingly mundane attachment.

There have been a number of high-profile cases of phishing. In 2014, a number of celebrities had their nude photos leaked. This was initially thought to be the result of a breach of Apple's cloud systems, but it was later revealed to be the product of a series of phishing emails that harvested the victims' credentials. In 2016, John Podesta, Hillary Clinton's campaign chairman, was tricked into giving away his Gmail password.

Phishing became prominent in the mid-1990s, but with phishing kits readily available on the dark web the attacks are becoming increasingly frequent. A kit bundles the tools and resources needed to stand up a website that collects credentials or other sensitive information behind the façade of a reputable site, so an attacker needs little skill to run a campaign.

A study by Sophos found that larger businesses were the most likely to fall victim to these attacks, despite being the most likely to run regular data protection training for employees. In Britain, 45% of organisations have fallen victim to phishing attacks in the past two years.

We have long been told that businesses and individuals alike need to plan ahead for hacks and the data breaches that follow, but with attackers becoming more creative it seems that public awareness of cyber security needs to improve. A business may have excellent and reliable technical defences, but they are only as strong as the actions of individual employees, because a malicious email that an employee acts on bypasses even the most robust perimeter controls. To keep data safe in future, there needs to be a concerted effort to educate individuals about the full scope of the threat.

Personal and professional cyber security go hand in hand. A chain is only as strong as its weakest link, and an employee who falls for a fake email leaves everyone exposed. The real danger comes when an incident happens and is then ignored. Employees need to be educated not only on preventative measures but also on what steps to take once something has gone wrong, starting with reporting it promptly rather than hoping it goes unnoticed.

TransWorldCom offer the following tips that should be followed when it comes to being vigilant around suspicious emails:

1)  Inspect the email address that it comes from:

Return Path studied over 760,000 email threats targeting some of the world's most famous brands and found that nearly 50% of the phishing emails spoofed the brand's name in the display name. The display name is free text chosen by the sender, so it can read like a well-known company while the actual address behind it belongs to an unrelated domain. Look at the real address, in particular the domain after the @, and compare it with the emails you usually receive from that company.

2)  Check for any spelling mistakes, bad grammar or strange images:

Legitimate emails from a company should not contain grammatical or spelling errors, but phishing campaigns are often run with a quantity-over-quality approach and so frequently contain bad spelling and grammar. The reverse does not hold: a well-crafted, targeted phishing email can be flawless, so a clean email is not proof of legitimacy.

3)  Don’t click on any links:

Hovering over a link (without clicking) shows the actual URL it will take you to, which is often quite different from the text displayed. Bear in mind that there is no hover on a phone, and that shortened or redirecting links hide the final destination. Always err on the side of caution and do not open links unless you are absolutely sure where they lead; if in doubt, type the company's address into your browser yourself.

4)  Don’t download any attachments:

It is rare to receive an unexpected attachment, especially from an organisation such as a bank. If you were not expecting an attachment, or if it looks at all suspicious, do not open it. Be especially wary of archives, executables and documents that ask you to enable macros.

5)  Be wary if an email suggests a sense of urgency in replying, clicking certain links or downloading attachments:

Phishing emails are often blunt and manufacture a sense of urgency, warning that an account will be closed or a payment missed unless you download the attachment or click the link immediately. A legitimate email rarely demands such urgency; the pressure is there to stop you pausing to check.

In summary, be cautious with email. Inspect the subject, the sender address and the body. If you are at all unsure of an email's legitimacy, do not open it, click any links or download any attachments. Contact the company the email appears to come from to check whether it really sent it, but use a phone number or address you already have or look up independently, not one taken from the suspicious email itself. It is always better to be safe than sorry.

There are also ways to strengthen your computer's defences against phishing emails. Make sure your operating system, firewalls and anti-virus software are up to date, and turn on multi-factor authentication so that a phished password alone is not enough to get into an account. As a rule, do not click on pop-ups, and keep your inbox under control: it is easy to be overwhelmed by an overflowing, messy inbox and to click without thinking. Organise messages into folders and delete those you no longer need.