With the exposure of billions of compromised records over the past decade, coupled with rampant credential reuse, hackers are taking the path of least resistance to compromise organizations’ security.
Phishing attacks, stolen credentials, & exploitation of vulnerabilities were among the top sources of cyberattacks in 2019 according to IBM X-Force.
- 31% of infections were from phishing attacks
- 30% were from scanning and exploiting known vulnerabilities of systems
- 29% were from leaked or stolen credentials
Top tech and social media companies such as Google, YouTube, Amazon, Facebook, & Netflix were the majority of spoofed brands used in phishing attacks.
Hackers impersonate these brands to get you to share your info. They will send an email with a link, directing you to a custom page that mimics the real site.
What do hackers want?
The first goal is designed to grab your credentials. Since way too many people use the same login credentials for multiple accounts, including their work logins, those exposed credentials can be used as an entry point into a business and their systems.
Minimize this threat by making sure employees are using strong passwords for any work-related systems.
The second goal is to have you download a file that contains malicious code – either by downloading a file you may think is a legitimate receipt or by directing you to a site that contains malware that is activated when you visit the page.
Some versions of malware are designed as ransomware which essentially holds your data and system hostage.
Avoid Phishing Attacks!
Because these phishing attacks have become so refined and work so well, ransomware attacks have nearly doubled in the past year in both public and private sectors. Attacks to retailers, manufactures, and transportation sectors were the top targets, where downtime is detrimental to operations adding pressure to pay.
Don’t despair though as these types of attacks are the most preventable.
Having a reliable and updated firewall and anti-virus program will help block most threats, should an employee accidentally click on a suspicious link. Awareness training can teach you and your team what to look out for so you don’t fall victim to the hacker’s sneaky tricks.
Contact our team at 508-205-1114 to learn how to get your team trained to minimize the effectiveness of these phishing attacks.
Leave a Reply