The 3 Most Damaging Phishing Attacks On Businesses – And How To Stop It Happening To You
How bad can phishing attacks be, and how can you protect your company?
Expert Insights / Nov 15, 2018 / By Expert Insights
Phishing attacks are the number one threat facing businesses in the UK and around the world.
A UK government report found that nearly half of all British businesses suffered a security breach in 2017. Hacking can have major consequences, like loss of money, private information and customer or employee data.
Phishing attacks involve attackers using fake email addresses to try and trick people into giving away their passwords or financial information.
A common method of phishing attack is account compromise. This involves sophisticated cyber-criminals taking email addresses from websites such as LinkedIn and impersonating them, emailing people from the same company and asking them to reveal information.
Let’s take a look at the top three most damaging phishing attacks on businesses:
1) Google and Facebook taken for $100 million each
Google and Facebook are two of the biggest companies in the world. But even they have been caught hook, line and sinker by phishing attacks.
In 2014, phisher Evaldas Rimasauskas impersonated a large hardware manufacturer.
For two years Rimasauskas sent Google and Facebook fake invoices, making over $200 million before being caught.
2) Sony Pictures hack causes leak of over 30,000 documents
This is one of the most famous examples of how phishing attacks can catch more than just money. A group attacked Sony after they refused to withdraw a film mocking North Korean leader Kim Jong Un.
This targeted attack used more than just fake emails. Hackers actually gained access to Sony’s building by tricking employees. They impersonated IT staff, then used their credentials to plant malware on Sony’s systems.
This led to the leak of tens of thousands of employees' personal information, film scripts and highly confidential personal emails.
3) RSA Security allows access to US Defense Suppliers' networks
One of the most ironic attacks was on a well-known cyber security company. RSA Security offers cybersecurity to a range of businesses and departments of the US government.
But all it took was one employee from their own company to leave their systems vulnerable. In 2011, an attacker sent out an email titled ‘2011 recruitment plan’ to a small group of employees.
The email was loaded with a virus-contaminated Excel file. One person opened this file, which gave the attacker access to other employees' passwords, and thus the whole system became vulnerable.
This gave the attacker access to many US government departments and US defence suppliers' networks.
So how can you protect your business from a phishing attack?
You may read the stories of multi-billion dollar companies being hit by phishing attacks and think it’s impossible to prevent. But this isn’t the case, and the risks can be minimized through a combination of:
Training employees to spot phishing attempts
Employing a layered approach to email security using both email security at the gateway and either advanced threat protection or AI-based email security
Implement Effective Email Security
Implementing a Secure Email Gateway should be your first line of defense against phishing attacks. Email Gateways act as a firewall for your email communications, blocking any emails containing malicious content. They can also detect domain spoofing, protecting users from email that is impersonating one of your legitimate contacts.
Alongside email gateways, businesses should also consider implementing Post-Delivery email protection. Post-Delivery Protection platforms sit within your email inbox, and use machine learning systems to detect and remove phishing attacks using data from anti-virus engines and global intelligence networks. They also allow users to report emails as phishing attacks and give users the ability to remove these emails automatically. In addition, they allow admins to place warning banners on suspicious emails, helping to reduce the likelihood that users will fall for phishing attacks.
A report found that 27% of employees will fall prey to phishing emails. Getting employees trained to identify and report suspicious-looking emails should be your first line of defence against attacks. There is a range of companies selling Security Awareness Training, which does exactly that. These companies send out simulated phishing campaigns and then provide training and education to employees who need it.
IRONSCALES is a comprehensive pre-post-delivery platform designed to quickly detect malicious emails and respond to them automatically in seconds, blocking them for good. IRONSCALES uses both AI and real-time human intelligence with the speed and simplicity to stay ahead of new threats.