We’ve written many times about the dangers of Phishing and the need for every business to protect itself from Phishing attacks. But if you’ve never been a Phishing victim, it may seem like Phishing is some remote danger that is not worthy of your immediate attention and worry. We think you have more than 2 million reasons to worry because Google has recently shared data that there have been over 2.02 million new Phishing sites put up by cyber criminals...this year...and the year isn’t even over yet. That represents an increase of 19% over 2019, with some weeks giving birth to more than 50,000 sites.
Why Phishing Is A Threat To Your Business
Phishing sites are those that are designed to fool visitors -- their Phishing victims -- into believing that they are legitimate sites. According to Secure World Expo, the most commonly impersonated sites in 2020 so far are:
- Apple (10%)
- Netflix (9%)
- Yahoo (6%)
- WhatsApp (6%)
- PayPal (5%)
- Chase (5%)
- Facebook (3%)
- Microsoft (3%)
- eBay (3%)
- Amazon (1%)
But it doesn’t much matter what site is being impersonated as much as it matters that you prevent your employees from responding to the Phishing links, no matter how legitimate they may appear to be. You will see several Phishing and Smishing screenshots on this page, all of which look legitimate, and which drive their Phishing victims to equally legitimate looking websites.
Why doesn’t it matter what site is being impersonated? Because while getting someone’s banking login gives them access to funds immediately, there are also other goals for the cyber criminals.
- Malware Installation: Most Phishing attacks involve the installation of malware. That malware can be Ransomware, with the power to fully encrypt your entire business’s data, including work product, accounting information, email files, and more. It can also exfiltrate your data, moving it to some remote server where the criminals can decrypt the information and examine all your secrets, business or personal. The criminals can threaten to reveal those secrets, including private emails, customer financial records, payment data, proprietary information, and more.
- Spreading the Malware: Stealing Email credentials allows the criminals to impersonate the victim in outgoing emails and make requests in that person’s name. The criminal can see contacts -- including business contacts -- and make requests for funds transfers, fraudulent payment destinations and amounts, and more. More worrisome is that the malware can cause the spreading of the Phishing attack to all of the Phishing victim’s contacts.
Do You Know What Phishing Looks Like?
Do you know what Phishing attacks look like? If so, are you certain that everyone in your company also knows what a Phishing attack looks like?
According to the same SecureWorldExpo article, "About 40% of organizations are only allocating an hour or less to training in a full year. So, we need to think about what can happen in an hour per year if we're really looking at helping people to learn new skills, break bad habits, and change behaviors.
Cybercrime is a moving target which is constantly improving, becoming more sophisticated, harder to detect and harder to remove once you are attacked. If your company is not training its employees to recognize and prevent Phishing attacks, then a Phishing attack might be damaging your company sooner than you think.
Are you Already A Phishing Victim?
Your company might already be a victim of a Phishing scam. Some ransomware is patient, laying low on your network, quietly spreading from workstation to server to other workstations, collecting information about your network and its users, and steadily exporting your data overseas.
Our cyberthreat analysis tools can analyze your network to determine if you have malware already successfully burrowed into your business. Our expert cybersecurity staff can, in most cases, safely remove the threat from your network.
Of course, it becomes much harder, more stressful and more expensive to remove malware than prevent it from attacking you in the first place.
Cyber Awareness Training and Cybersecurity at Digital Uppercut
That’s why we offer Cyber Awareness Training as a part of all of our Cybersecurity plans. While some business owners focus only on the time it will take to educate their employees about Phishing, the benefits of keeping their company safe are far more valuable. If you haven’t (yet) become a Phishing victim, contact Digital Uppercut to help ensure you stay that way. Contact us online or call us at 818-913-1335.