The threat of phishing attacks is not new, but is growing. In fact, according to Symantec, one in 131 emails contain malware, which is the highest rate we have seen in over 5 years. It is also estimated that phishing emails target over 400 businesses every day which have led to an average of a $1 billion loss over each of the last 3 years. According to a study done by PhishMe, 91% of cyber attacks now begin with some sort of phishing email. Phishing is clearly is one of the favorite tools hackers use to initiate all the types of cyber attacks.
How do hackers get users to engage with their email? Here is the data broken down by the study:
As you can see, hackers use sophisticated themes in order to get your employees to click on the malicious filled emails they send.
What motivates employees to click on phishing emails? See for yourself:
One thing is for sure, employees never seem to hesitate to click on phishing emails. Sophos put together a video to illustrate this:
This video may seem like a joke, but it's not. Time and time again we read about the damages an organization faces all because of one simple click of the mouse. The fact of the matter is that these phishing attacks can cause some serious damage. Here are three phishing attack examples:
Yukon School District in Oklahoma faced a devastating cyber attack when one of the HR employees opened up an email from the school Superintendent who requested the tax information for all school employees and teachers. The HR employee complied with the request only to find out later that the email wasn't actually from the superintendent, it was from a hacker. This phishing email was so convincing that the hacker received the social security numbers of all the employees and teachers along with other sensitive wage information. This is a common technique for hackers to use because they would then go and file fake tax returns and claim the tax returns for themselves.
It was discovered earlier this year that employees at both Google and Facebook suffered a significant phishing email attack which cost them millions of dollars. The hacker posed as a Taiwanese electronic manufacturer, according to The Verge. The hacker had forged email addresses, invoices and contracts which was enough to convince employees at both Google and Facebook to send him money. The money was then forwarded to bank accounts across the world where the hacker could then access it.
No business is too small for a hacker. This last example is not specific but it is all too common. The phishing attacks on small businesses. According to Fox Business, almost half of cyber attacks worldwide are against small businesses. This is not surprising since many small businesses don't have protection against such attacks. Hackers understand this and consider small businesses an easy way to make some money. Another staggering statistic is from CNET who says that these cyber attacks cause one out of every five businesses hit to shut down. Cyber attacks may very well be the biggest threat to small businesses and it is only getting worse.
Phishing is just one of the many types of cyber attacks. However, it may very well be the one that should concern you the most. Phishing attacks are inevitable and protection is needed. No matter how much trust you have in your employees, one of them is bound to click on that malicious link.
Currently, we are doing a giveaway for a free phish threat simulation campaign. For more information and to enter, click below.