4 things you need to know about phishing
Throughout September, we’ll be sharing four blog posts as part of our security series, focusing on cyberattacks, business protection and a Q&A with our cybersecurity specialist, Jon Inns from Threat Status, who will be sharing his expert opinion throughout the month.
The first in our series focuses on phishing, which has affected millions of companies worldwide and is getting more sophisticated by the day.
Global research by the University of Maryland indicates that hackers around the world attack databases on average every 39 seconds.
Here are four crucial facts you need to know about phishing:
1. Criminals target anyone, from small companies to global chains
According to the 2020 Verizon Data Breach Investigations Report, 22% of observed breaches involved phishing, with 28% involving small businesses and 72% involving large firms.
Assuming that your small business is safe from phishing attacks is a big oversight. If you have access to sensitive information, then your database is a risk, and extra security measures should be taken to protect it. We’ll be covering this later in the series.
2. Hospitality businesses are prime targets
If you work in the accommodation sector, then it’s highly likely that you store all guest details in your database; everything from names, addresses and email addresses to passport numbers and card details. For cybercriminals fishing for identity credentials, hospitality databases are gold mines.
According to Hospitality Tech, many front desk systems in hospitality properties became victims of a substantial cyberattack last year. Hackers sent property-related emails that resembled invoices or reservation inquiries. When staff clicked on the attachment, it downloaded a malicious payload onto the system, allowing the cybercriminal open access to the front desk database. Vulnerable systems are open targets - the best way to counter a potential cyber threat is to train staff and adopt additional security measures.
3. Campaigns can increase during a crisis
Sophisticated hackers exploit critical situations such as the global pandemic to deceive users into handing over their confidential details. They toy with the emotions and stress of coping in an unprecedented environment by sending crisis-related messages that users may not think twice about opening. Cybercriminals will impersonate authorities such as the World Health Organisation or local government, highlighting an action that needs to be taken regarding outbreaks or updated policies.
According to Barracuda Networks, there was a spike in pandemic-related phishing attacks, up by 667% since the end of February. The majority of phishing messages focused on scamming (54%) or brand impersonation (34%).
4. Spear-phishing is much more targeted
“It won’t be a random email, but something much more convincing,” says Jon Inns, CEO of Threat Status. “They’ll possibly use the target’s real name in the email content or perhaps mention an event that they recently attended. It takes more effort to research and set it up for the attacker, but it’s much more likely to succeed.”
Phishing remains one of the most common ways for cybercriminals to infiltrate your business. One way that RMS Cloud have enhanced their software security is by enabling clients to set up two-factor authentication.
Read the next blog in our security series which looks more in-depth at ways to protect your data against online attacks.