Gone Phishing?

Why This Old-School Threat Poses Modern Day Risks

Phishing is a form of cyber-threat that’s pretty much as old as the internet itself. From the moment that people started sending emails to one another, the more nefarious elements operating online saw opportunities to invade our systems via this particular channel, be it from a sense of mischievous disruption or, more often than not, for criminal purposes.

So, given that this is an old style of cyber-attack, we can assume that things have moved on, yes? That the digital world has grown more sophisticated, and that phishing has become outmoded, no longer the threat that it once was – back when emails were still the exciting breakthrough in technological advancement.

WRONG.

Not only does phishing remain a threat to our systems, but it’s a form of attack that is very much on the rise, with reported incidents seeing an increase of more than 200% in the first part of 2016. Further, it’s estimated that more than 90% of ALL hacking attempts originate from a phishing (or more accurately, spear-phishing – see below) incident.

So, it’s quite a big deal.

What is phishing?

Let’s take a step back to understand exactly what we mean by phishing.

Essentially, it’s an attack that arrives via your email system. In the ‘old days’ this would typically be a fraudulent email posing as a legitimate source – a cloned version of your bank, for instance – which would seek to dupe the recipient into allowing access to personal, sensitive, and financial details (passwords, bank account numbers, and suchlike).

Now, this is a type of scam that most internet users today are reasonably attuned to spotting. After all, we’re all aware that we NEVER give out passwords online, aren’t we?

So how is it that phishing remains such a pervasive threat?

Two reasons:

  1. It has evolved and grown more subtle in attack
  2. It preys on our online vulnerabilities

Phishing’s modern-day prevalence lies not in sending rogue bank emails to personal accounts, but in hitting the workplace, using simple yet unerringly subtle techniques designed to catch an individual off-guard.

This is the evolution of Spear-Phishing

Spear-phishing is the fairly dastardly, and scarily effective, way that hackers and online criminals seek to infiltrate a company network: infecting it with a virus, paralysing it or holding it to ransom, stealing data, or causing expensive downtime.

It plays on the idea that individuals are more likely to miss such an email when at work, which is where the new subtlety of spear-phishing comes into play.

Where old email attacks might be emblazoned with a familiar (stolen) logo, a spear-phishing attack on a work email will take the exact opposite route: plain in nature, and looking for all the world like an email you’d receive from a client, supplier, or distributor.

For instance, if your role is in administering dispatch and deliveries, perhaps you’ll receive an email such as:

Dear …….

Please find attached the delivery note for your recent order.

If you spot any errors or have further queries, please call.

Kindly,

Gully Bull Distributors

Cardiff

Or maybe you’re an HR manager that’s been sent a new CV from an unfamiliar recruitment company.

Spear-phishing is not about tricking you into giving out details, it’s about duping you into clicking on an infected attachment.

It works on the idea that we all want to be diligent at work. But we can all grow a little complacent when we’re so used to the work that’s in front of us.

Spear-phishing is such a simple method that, all too often, we miss it; we lower our guard because:

  • We have faith that our spam filters work 100% of the time, so anything that arrives in the inbox must be genuine
  • We are keen to show diligence in our job. If this is a genuine enquiry, it needs to be dealt with.
  • We might be dealing with these types of enquiries dozens of times a day, raising the chances that we click on the attachment on auto-pilot.

It only takes one click on an infected attachment to do untold damage to a company, which is why it’s imperative to ensure that your IT security is up-to-date, robust against attacks, and able to quarantine suspect emails (those with attachments from unknown addresses, for example). However, while this is a crucial part of your cyber-security arsenal, human understanding, vigilance and training are equally important to a robust, fully-rounded protection of your system.

If you don’t recognise the source, don’t open it.
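The quarantine rule mentioned above (attachments from unknown addresses) can be sketched in a few lines. This is an added example, not code from the original post; the allowlist entries, the `.example` addresses and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from email.utils import parseaddr

# Assumed allowlist: senders and domains the business already deals with.
KNOWN_SENDERS = {"orders@known-supplier.example"}
KNOWN_DOMAINS = {"known-supplier.example"}

def sender_address(msg):
    """Address part of From, lower-cased; the display name is ignored
    because anyone can type a trusted supplier's name there."""
    return parseaddr(str(msg.get("From", "")))[1].lower()

def is_known(addr):
    return addr in KNOWN_SENDERS or addr.rpartition("@")[2] in KNOWN_DOMAINS

def attachment_names(msg):
    """Walk every MIME part, including nested ones, and list attachments."""
    return [p.get_filename() or "(unnamed)"
            for p in msg.walk() if p.is_attachment() or p.get_filename()]

def triage(raw):
    """Return (action, sender, attachments) for one raw message."""
    msg = message_from_string(raw, policy=default)
    addr, names = sender_address(msg), attachment_names(msg)
    action = "quarantine" if names and not is_known(addr) else "deliver"
    return action, addr, names

def constructed_sample(from_header, attach=True):
    """Build a constructed test message (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"] = from_header, "dispatch@company.example"
    m["Subject"] = "Delivery note"
    m.set_content("Please find attached the delivery note.")
    if attach:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename="delivery_note.doc")
    return m.as_string()

if __name__ == "__main__":
    for frm in ("Known Supplier Ltd <billing@lookalike.example>",
                "orders@known-supplier.example"):
        print(triage(constructed_sample(frm)))
```

The From header itself can be forged, so a rule like this belongs alongside the mail gateway's sender-authentication results (SPF, DKIM, DMARC) rather than in place of them.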
