Phishing attacks are one of the biggest threats to companies. There have been cases where attackers duped Google and Facebook out of $100 million by impersonating a computer-parts vendor. According to the FBI, cybercriminals made at least $676 million in 2018 by tricking company executives or finance departments into sending money to fake vendors.
The reason most email scams succeed is that no one can check whether a link or an attached spreadsheet is malicious before opening it. Also, anyone can send email to anybody, which makes companies vulnerable to phishing attacks. Cybercriminals personalize these emails so that they exploit weaknesses in human nature.
The most common type of phishing attack is an account verification email. It usually appears to come from a major retailer or social network such as Amazon or Facebook and states that your account has a problem that needs to be fixed immediately. To make the email look legitimate, hackers even add the company's logo and address. When you click on the link in the email, it takes you to a fake website that looks very similar to the original one. The cybercriminals then use the login details you enter there to commit fraud.
During 2013-14, Yahoo became the victim of cybercriminals who compromised the real names, email addresses, phone numbers, and dates of birth of 500 million users, though Yahoo was successful in protecting most of the passwords using the robust bcrypt algorithm. A couple of months later there was one more data breach by a different group of hackers, which compromised the data of 1 billion users. Apart from email addresses, phone numbers, and passwords, other information such as security questions and answers was also compromised. According to Yahoo, around 3 billion user accounts had been compromised to date. It decreased the sale price of Yahoo by around $350 million.
According to Marriott International, cybercriminals had stolen the data of approximately 500 million customers. The attack targeted Starwood hotel brands in 2014, and the attackers remained on the system even after Marriott acquired it in 2016. It was discovered in September 2018. Credit card numbers along with the expiration dates of more than 100 million customers were stolen, though it is not certain whether the attackers were able to decrypt the credit card numbers. According to a New York Times article, this breach was attributed to a Chinese intelligence group.
A cyber attack on eBay was reported in May 2014. It compromised the names, email addresses, dates of birth, and encrypted passwords of all of its 145 million users. The hackers had complete access to the data of all the users for 229 days, and they accessed it using the credentials of three corporate employees. Financial information of the users was not compromised, as it was stored separately.
One of the largest credit bureaus in the US, Equifax, fell prey to cybercriminals who compromised personal information along with the Social Security numbers and driver's license numbers of 143 million consumers. The credit card information of 290,000 consumers was also exposed.
The WannaCry ransomware attack spread rapidly across a number of computers worldwide in May 2017. It encrypted the files on the hard drive and locked users out of their PCs. It then demanded payment in bitcoin in order to restore access. It locked a number of high-profile systems, including Britain's National Health Service. The vulnerability WannaCry exploited lay in the SMB (Server Message Block) protocol. Cybercriminals used specially crafted packets to trick Microsoft's implementation into executing arbitrary code.
There are many ways to prevent email phishing. The best method is to educate employees about it and conduct training sessions. You can also deploy a spam filter that detects viruses, blacklisted senders, etc. You can also deploy a security policy to block malicious websites. Organizations should encrypt all sensitive information in order to protect the data in case of a data breach.
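One check a mail filter can run against the account-verification emails described above, as an added example that is not part of the original article: when the sender's display name claims a brand, the sending domain and every link must belong to that brand. The `BRAND_DOMAINS` list, the finding names and the sample message are assumptions constructed for illustration.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand -> domains it really uses; a deployment maintains its own list.
BRAND_DOMAINS = {"amazon": {"amazon.com"}, "facebook": {"facebook.com", "facebookmail.com"}}
# Constructed sample message, not a real email.
SAMPLE = ("From: Amazon Support <support@amazon-billing.example>\n"
          "Subject: Problem with your account\n"
          "Content-Type: text/html\n\n"
          '<p>Fix it now: <a href="http://amazon.com.verify.example/login">Sign in</a></p>')

class HrefCollector(HTMLParser):
    """Collects the href of every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])

def host_of(url):
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. an unbalanced "["
        return ""

def under(host, domains):
    # Exact match or true subdomain, so "amazon.com.verify.example" is not "amazon.com".
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_findings(raw_message):
    msg = email.message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    allowed = set().union(*(d for b, d in BRAND_DOMAINS.items() if b in display.lower()))
    if not allowed:  # display name claims no known brand: nothing to compare against
        return []
    sender = addr.rpartition("@")[2].lower()
    found = [] if under(sender, allowed) else [("sender_not_brand_domain", sender)]
    collector = HrefCollector()
    for part in msg.walk():  # also covers multipart messages
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for host in map(host_of, collector.hrefs):
        if host and not under(host, allowed):  # relative and mailto links have no host
            found.append(("link_not_brand_domain", host))
    return found
```

A filter would treat these findings as one signal among several, since legitimate brand mail can also link to third-party domains.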
Companies must keep an eye on current phishing strategies and evaluate whether their security solutions and policies can eliminate those threats. Informed employees and secured systems can prevent the organization from being attacked through phishing emails.
Spear phishing, which targets individuals including top-level executives, is the biggest threat to large organizations. Though there have been a lot of phishing attacks on large corporations, they can be avoided if proper security steps are taken. Also, there are a lot of companies that provide email phishing prevention by adding an extra layer of security. Not having the right tools and failing to educate employees can lead to data breaches and huge financial losses for companies.