Have you ever wondered how a phishing campaign works? What’s behind the scam emails you receive almost every day?
Thanks to Verizon’s latest report, we can now see that the fraudulent email is just the tip of the iceberg: there is much more hidden beneath.
Study the prey
First things first: attackers do a bit of background analysis on the business they want to target (your company, for instance). They look for information like your corporate email domain and layout, email addresses of board directors, suppliers, the bank your company relies on and more, with the final aim of maximising the likelihood that their attack will succeed.
Craft the perfect email
Secondly, they create a replica of your corporate email, or of an email from any other entity you might expect to hear from (like the bank, a supplier, HMRC, etc.). It looks genuine so as not to raise any alarm or suspicion, and it usually contains a malicious link or a malware-infected attachment. According to Verizon’s report, one in three recipients opens the phishing email within an average of 1 minute and 40 seconds of receiving it.
Alter your behaviour
The email uses social engineering techniques to persuade you to act. This might be to get you to click on the link provided or open the attachment, and may also encourage you to forward the email to colleagues, which multiplies the chances that the link or attachment will be opened. The report states that 12% of targets swallow the bait, on average after 3 minutes and 45 seconds. Cyber criminals 1 – Company 0.
Easy route for criminals
Without you knowing, the malware has been successfully installed and it begins stealing credentials and information that will be used later to access secured accounts, wire money, control machines and systems, etc. The result? Data breach.
Defend your company, recognise phishing scams
Your company can build barriers to stop phishing emails from reaching your and your colleagues’ inboxes, but the ultimate guard defending the corporate system is you. If you know how to recognise a scam and inform your IT department about the threat, you can save your company from data breaches that could lead to financial losses, monetary penalties, loss of reputation – or even closure of the business.
The Phishing Staff Awareness Course has been specially developed to raise your awareness of phishing attacks. Delivered online and packed with real-life examples, non-technical explanations of what phishing attacks are and best practices to recognise them, it gives you invaluable information to safeguard your company’s security.