Phishing is a very well-known method for hackers to utilize social engineering. Everyone gets hammered daily with spam. Often the email messages in the spam box are just unwanted marketing flyers, arriving electronically rather than stuffed under the windshield wiper of your car. However, many have much more nefarious intent than that.
According to a recent report by San Francisco based security company Cloudmark, found that each successful incident of phishing results in a cost of $1.6 million. These attacks target all types of businesses, non-profit organizations, and government agencies. Attackers attempt to gain trust in some way and will often send several benign email messages before loading one up with malware. Therefore, it is important to educate employees and staff, as well as students how to identify phishing.
There are several things that can happen if a computer is hit with malware. Data can be held for ransom, financial information can be stolen, or customer data can be retrieved. Whatever the end goal is for the attacker, it is likely to cost a significant amount of time and money to the victim to rectify it. In some cases, it means loss of customer loyalty.
It’s not just businesses and organizations that should heed the warning, however. In December, the Anti-Phishing Working Group released a report stating that even spear phishing against individuals is on the rise. Some high profile companies have recently been targeted, including Sony. Users of the online site Ashley Madison found out how vulnerable they were when someone stole information from parent company, Avid Life Media and subsequently posted details about infidelity of users online. Even crowd-funding sites are not immune. Last year, the site Patreon was compromised and 2.3 million records posted online. The information included passwords, email addresses, and donation records. However, unlike the Ashley Madison incident, the motive for that was not obvious.
Spear phishing is becoming more prevalent. Enough so that the FBI issued an alert to businesses to watch for Business Email Compromise (BEC). This type of phishing increased by 270%, yes that is two hundred seventy percent, from January to August of 2015.