Phishing is one of the most serious threats facing business owners today. Over the past few years, phishing attacks have become increasingly sophisticated and difficult to detect.
Meanwhile, the study “Perception of Cybersecurity among Managers of Polish Companies”, commissioned in 2022 by Sophos, showed that more than a quarter of Polish companies do not have a budget for protection against cyber threats. On average, every third manager complains that management boards are not interested in the issue of data and system security.
In this article, we put phishing into perspective. We will explain what it is, what attack methods criminals use, and what effects a single attack can have on a company. Finally, we will present ways to combat this phenomenon.
Phishing is a cyberattack technique that aims to steal sensitive information such as passwords, login details or financial details by impersonating a trusted source or institution.
Since the outbreak of the COVID-19 pandemic, the number of phishing attacks has more than doubled. The targets are employees who have moved from offices to homes overnight and whose companies did not manage to equip them with adequate protection, e.g. in the form of filters detecting and blocking access to fake websites.
Organized criminal groups have become the source of these attacks. Acting for profit (and sometimes on someone else's behalf), they extort data and then use it to get into corporate networks, encrypt data and demand a ransom.
Sounds like a gangster movie script? Maybe. The fact is that, in this way, criminals demand an average of PLN 1.5 million ($350,000) from Polish companies for decrypting stolen data. Those that do not have adequate security and backups pay.
The aforementioned SW Research for Sophos study shows that as many as 40% of managers in Poland are most afraid of problems with the company’s financial liquidity as a result of a cyberattack. Fears are greatest among staff employed in enterprises with a turnover of up to one million zlotys (as much as 55%) and over 15 million zlotys (41%).
The issue of ensuring the protection of data and systems concerns not only giants, but also the SME sector.
Phishing attacks are supposed to catch us when we don’t expect it. Acting by surprise, the attacker will want to force us to:
Email phishing is the most common form of phishing. A business owner or employee receives fake emails that look like messages from banks, companies or service providers asking for confirmation or payment. They may also contain links to fake websites that look just like real websites but are used to steal user data.
Email phishing is becoming increasingly difficult to detect as hackers effectively imitate the look and content of transactional emails and send them from addresses that are confusingly similar to the original ones.
Spear-phishing is a specific form of phishing where cybercriminals launch attacks on specific employees or groups of employees in order to obtain confidential information or gain access to the company’s network. Spear-phishing attacks require prior reconnaissance of the company and its employees, which is why they are most often used against large and wealthy institutions. Attackers often use social engineering techniques to obtain information that will help them defraud employees.
Vishing, also known as voice phishing, is a form of phishing that uses telephone calls to obtain confidential information. Attackers call your company and pretend to be employees of banks, police officers, service providers, or IT companies, and then ask for confidential information or ask you to log in to a prepared website.
Smishing, or SMS phishing, is a form of phishing that uses SMS messages to obtain confidential information or gain access to mobile devices. If you recognize the alarming message that you have an unpaid bill and your electricity is about to be cut off, or that your package will not be delivered, this is smishing in practice.
Pharming is a form of phishing that intercepts internet traffic and redirects users to fraudulent websites. Cybercriminals use DNS manipulation or man-in-the-middle attacks to redirect users to fake websites.
Phishing is dangerous for companies and businesses because it can lead to the leakage of confidential information, and thus to the loss of reputation and customer trust. It can also lead to financial loss if cybercriminals gain access to a company’s bank accounts or other funding sources.
What to bet on?
Business owners and IT managers need to be aware of the different methods and types of phishing and be able to identify which ones are most dangerous to their organization.
Do you want to effectively protect your company against cyberattacks? Talk to our experts during a free consultation and learn more about effective cyber protection.