Phishing, whaling and spear-phishing simply work. That is why phishing is one of the most successful attacks used in authorized (white-hat) engagements: it is exactly what the bad guys do.
Understanding the Attack
Phishing is a category of attacks in which an email that appears to come from a reputable source is sent to trick the recipient into clicking a link, opening an attachment or handing over credentials. It is often the first step in financial and wire transfer fraud.
Most common subject lines used:
- Urgent
- Request
- Important
- Payment
- Attention
By the numbers
- 43% of all breaches in 2020 involved phishing
- 96% of phishing attempts arrive by email
- 74% of US organizations were hit by phishing
- 60% lost data
- 52% had credentials or accounts compromised
- 47% were infected with ransomware
- 18% suffered financial losses
Most Impersonated Organizations
- Microsoft (43% of all brand phishing attempts globally)
- DHL (18%)
- LinkedIn (6%)
- Amazon (5%)
- Rakuten (4%)
- IKEA (3%)
- Google (2%)
- PayPal (2%)
- Chase (2%)
- Yahoo (1%)
Steps to Protect Yourself
- “Think before you click, and if in doubt, delete.”
- Verify the sender's actual address, not just the display name, and check that any Reply-To address matches it.
- Adopt policies to validate all wire instructions by phone (using a number you already know, not one taken from the email), and extend the same protection to clients.
- Start cyber awareness training (free options exist).
- Add banners to email that originates outside the organization.
- Implement two-factor authentication for all users.
- Use long, unique passwords (a password manager helps).
- Understand the risks and the business impact of a compromise.
- Use a cloud-native secure email service.
- Run up-to-date antivirus / endpoint protection.
- Practice browser and email hygiene.
- Keep all devices and software updated.
- Review your cyber insurance coverage.
- Maintain an incident response and notification policy.