Phishing: Identifying the Problem

This is Part 1 of a 3 part blog series on Phishing.

You have probably heard about phishing, and you likely have even experienced the issue at some point already.  It affects many people both professionally and personally.

Phishing generally refers to malicious emails. They are typically designed to convince users to “take bait” and click on links that contain malware or to submit personal, or financial, information to fake websites.  The fake websites often mimic those of banks, subscription services, large retailers, or fund transfer companies.

Today, it is easier than ever to set up a phishing campaign and that makes phishing attacks a big problem for businesses.  Almost anyone, from organized crime to small operators, can now quickly and easily deploy advanced phishing technology with little to no technical experience.

As campaigns become more sophisticated and believable, IT service clients need better tools to keep their infrastructure safe from these attacks.

A Growing Concern

Due to phishing’s low cost and relative success rate, it is unfortunately a growing industry. Phishing kits, and ‘phishing as a service’, have allowed bad actors to create a deluge of email-based attacks, sending malware into email inboxes all over the world.

Forty-one percent of IT professionals report that their organization experiences at least daily phishing attacks and 77% report attacks at least monthly.

Phishing Campaign Motivation

Most phishing attack campaigns are for direct financial gain through extortion, data resale, or direct fund transfers.

Data stolen from computers, and servers, can be extremely valuable.  Once stolen, the victim can be extorted to pay for the data not to be publicly released – or the data may simply be immediately sold online.

Ransomware (holding data for ransom) provides a chance to get paid directly from the victims.  Many business owners, and private individuals, have been forced to pay vast sums of money to retrieve their data.

Ways to Balance Security and Accessibility

Since so much of our valuable information now exists in servers, and because these servers are frequently accessible through various user-access points, phishing is becoming more lucrative. These attacks have also become more damaging to our infrastructure and institutions.

IT security efforts work to place valuable data behind firewalls. IT professionals balance these security efforts with operations processes and employee network access. This presents ongoing challenges for IT professionals, for the tools they use, and the processes they employ to train individual users to guard against phishing attacks.

Do you know if your email infrastructure is set up to guard against phishing attacks? Get in touch with us for more information on how to mitigate your risk.