
Like Shooting Phish in a Barrel

It seems that on an almost daily basis these days we’re bombarded with news of internet scams, our favourite brands falling victim to hackers or stories of ordinary people being extorted through ransomware. We’re becoming ever more aware of large-scale security and data breaches across all industries which are unfortunately becoming increasingly prolific and complex.

A recent cyber security survey carried out for the UK government found that as many as 76% of organisations had suffered a phishing attack in the last 12 months. With 94% of all malware being delivered by email, it is by far the number one delivery vehicle and a clear area of vulnerability for all organisations.

An example Office 365 phishing email


So what is Phishing?

Phishing is an attempt to gain information by misleading the user, often posing as a legitimate contact.

These attempts are most commonly seen as an email and request the user to enter their personal information on a webpage which, to the untrained eye, appears to be a trusted site.

Phishing and Spear Phishing?

There are two main types of phishing attack: phishing and spear phishing.

Phishing is typically an automated attack, sent out by malicious software that infects the target and then repeats the attack against all the contacts within the infected account.

  • Targets: Everyone – These automated attacks don’t discriminate. Anyone and everyone is a potential victim!
  • Outcomes: Stolen data, risk of blackmail to regain access to files and the abuse of contacts/E-mails to further expand the breadth of the attack.


Spear phishing is a calculated, targeted approach with the goal of extracting money from a business. A typical example of spear phishing would be the impersonation of an employee to send an email to the finance department requesting a fraudulent payment:

“Please pay Company X, the sum of £150,000”

This legitimate-looking request, accompanied by a professional invoice and bank details, takes time and research for the attacker, but they stand to gain far more when it succeeds.

  • Targets: Managers, C-Level Executives, Directors and finance teams.
  • Outcomes: The extortion of finances and confidential company data.

Both types of attack have a measurable financial impact. Far harder to quantify is the damage to brand reputation and customer trust, the effects of which can be ongoing and far reaching.

What can I do to protect my business?

Training and awareness – It’s nigh on impossible to stop these emails hitting inboxes, but training staff in key areas can help them identify potentially damaging emails. The best means of avoiding an attack is simply not clicking on a link they are unsure about!

Security – Securing your business’ email system is a key means of limiting the damage phishing attacks can do and of stopping them from spreading. A good password policy and multi-factor authentication should be seen as the starting points for every business.

Technical enhancements – There are layers of technical enhancement that can be incorporated into an email service to improve resilience. These can include additional mail filtering, contextual access controls, or simply ensuring you’re running the latest software versions and security patches!
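As an added illustration of the "additional mail filtering" mentioned above (example code written for this article, not a Coffee Cup Solutions product), the function below checks an inbound message for the hallmarks of the spear-phishing payment request described earlier: a display name matching a known employee but sent from an external domain, a Reply-To that diverts replies elsewhere, and payment language aimed at a finance mailbox. The domain, staff directory, finance address and sample message are all assumed values constructed for the example.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# All names below are assumed for this example, not real organisations.
INTERNAL_DOMAIN = "example.co.uk"
EMPLOYEES = {"jane smith": "jane.smith@example.co.uk"}   # assumed staff directory
FINANCE_MAILBOXES = {"accounts@example.co.uk"}            # assumed finance inbox
PAYMENT_WORDS = ("invoice", "bank details", "please pay", "transfer")


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an address ('' if there is none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def assess(raw_message: str) -> list[str]:
    """Return human-readable findings for one RFC 822 message; [] means no flags."""
    msg = message_from_string(raw_message)
    findings = []

    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(sender)

    # 1. Display name matches a known employee but the address is external:
    #    the look-alike trick used to impersonate a colleague.
    if display_name.lower() in EMPLOYEES and sender_domain != INTERNAL_DOMAIN:
        findings.append(f"display name '{display_name}' matches staff "
                        f"but sender domain is '{sender_domain}'")

    # 2. Reply-To points at a different domain, so any reply (and any
    #    payment confirmation) leaves the visible conversation.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != sender_domain:
        findings.append(f"Reply-To domain '{domain_of(reply_to)}' differs from sender")

    # 3. Payment language addressed to a finance mailbox (plain-text bodies only).
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower() for _, addr in getaddresses(headers)}
    body = "" if msg.is_multipart() else msg.get_payload()
    if recipients & FINANCE_MAILBOXES and any(w in body.lower() for w in PAYMENT_WORDS):
        findings.append("payment request addressed to a finance mailbox")

    return findings


# Constructed sample resembling the "please pay Company X" request in the post.
SAMPLE = (
    "From: Jane Smith <jane.smith@example-mail-uk.com>\n"
    "To: accounts@example.co.uk\n"
    "Subject: Urgent invoice\n\n"
    "Please pay Company X, the sum of £150,000. Bank details attached.\n"
)

if __name__ == "__main__":
    for finding in assess(SAMPLE):
        print("FLAG:", finding)
```

In a real deployment these checks would sit behind a mail gateway or transport rule and add a warning banner or quarantine rather than printing, and the staff directory would come from the company's identity provider.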

Seek professional help – If you need advice or would like to talk to someone about how to better secure and protect your business speak to someone that knows the landscape.

At Coffee Cup Solutions we understand what is needed to ensure your organisation has a resilient defence against would-be attackers. To find out what we can do for you, get in contact.
