The attempt to steal someone’s personal information for financial gain is nothing new. It started up long before the creation of the internet. Some techniques have become difficult to identify due to how clever and crafty the phishing attempt is. Other attempts are seemingly blatant and obvious, and yet they continue, mostly because it only takes one individual to slip up and fall for the phishing attempt to make it profitable. During the COVID-19 pandemic, the majority of workers shifted from working in an office setting to working from home.
It took some time, and there was a learning curve, but many businesses have figured out ways to run their operations smoothly after a year. However, there is one major downside to working from home. Phishing attempts have dramatically increased during the pandemic. Or, at the very least, noticeable phishing attacks. Office networks are designed to protect against the majority of cybercriminals, so many of these attacks are never noticed.
The same is not true with individuals working from home. If you run a business, and you have employees either working from home or bringing their home computer into the office, you need to establish new security protocols to protect not only your employee’s information but your company information as well. While COVID19 phishing attempts are on the rise, here is what you can do about it.
All About COVID19 Phishing Attempts
Most Businesses Were Targets Of Phishing Attacks In 2020
According to research published by Tessian, 75 percent of all organizations around the world were targets of some kind of COVID19 phishing attempts in 2020. Thirty-seven percent of all businesses said they were targeted between 11 and 50 times, 28 percent said they were targeted between 50 and 100 times, and 12 percent of businesses said they were attacked over 100 times. Those are significant numbers. Even if your business was targeted 11 times, it only takes one to drag down your entire business. Loss of financial information can lead to customers not only leaving your business but hitting you with lawsuits because of the information breach. A single successful phishing attack can financially ruin a business, which is why it is so important to do what you can to safeguard against such attacks.
Most Attacks Come Via Email
According to the same research by Tessian, the majority of all phishing attacks come via email. How many? Around 96 percent of all attacks are email-based. Thankfully, with most phishing attempts attacking you and your business coming through one location, it is easier to defend against, although it also hinges on your employees not opening corrupt emails that will infect their computer and the work network as well. The most common subjects for phishing emails in 2020 were: Important: Please Read, Fw: Urgent Invoice, Payment is Urgent Do Not Ignore, RE: Finance Request For CEO of Acme, Attention: Credentials needed for login to secure mainframe.
Other common subject lines used, especially with the shift in at-home work during the 2020 pandemic, include Google Pay, Zoom Scheduled Meeting, RingCentral, Microsoft 365: Action Needed, Amazon: Action Required, and so on. Many of these emails are trying to prompt an immediate response, which ends up pushing several email recipients into clicking not only on the email but also on the link within the email.
Yes, most of those subject lines scream fake and a scam. However, it’s easy to find yourself in work mode, sifting through emails, and you see something mentioning an urgent invoice, and you click on it without even thinking about it. This is what most phishing scams count on. Not to sneak past most recipients, but for one or two people to click on the links without thinking twice about it.
The Impact Of A Phishing Scam
Your business can be impacted in several ways should a phishing scam prove successful. Eighteen percent of organizations that were successful targets said they experienced a financial loss, while 29 percent were infected by further malware, 47 percent were infected by ransomware, and 52 percent had credentials or individual accounts compromised. However, the most common result of a successful phishing scam was 60 percent of those impacted said they lost data. And once that data is lost and out there in the internet world, there’s no getting it back.
What To Watch Out For
You might still receive random emails from obviously fake accounts. The sender’s email address has so many strange characters it’s a dead giveaway. And yet, the more successful phishing emails will pretend to be another company and will often replicate the font, warning emails, and other messages rather well. The most commonly impersonated brands include PayPal, LinkedIn, Microsoft, Amazon, Google, DHL, Ikea, Chase, and Rakuten. Chances are you’ve received some false emails from cybercriminals attempting to pass themselves off as these companies. It’s always a good idea to not only check the sender’s email address (this can be a dead giveaway) but perform a Google search of the message itself to see if it is a known false email.
Don’t Leave Your Business Exposed
With more cybercriminals looking to attack your business, you need to step up your security game. But how can you go about doing this when so many of your employees are working from home (or, at the very least, bringing their home computer into the office)? Following these tips will help, but you can still take your business security to the next level.
With the help of our team here at Charlotte IT Solutions, we will perform a complete security audit of your business, identify the problem areas and help implement new strategies in protecting every internet-connected device, both inside your office and out. If you’re ready to upgrade your IT department and further protect your business from cybercriminals, give our expert staff here at Charlotte IT Solutions a call today.