Time to Cut Bait: Don’t Fall Prey to Email Phishing Scams

Email phishing continues to be a major problem for businesses, with both the number of attacks and their level of sophistication increasing.

These statistics tell the story:

  • According to the FBI, Business Email Compromise makes up almost 50 percent of the $1.4 billion in total losses from internet crime.
  • In one industry survey, 76 percent of organizations said they experienced phishing attacks in 2017.
  • Another survey found that the average user receives 16 malicious spam emails per month. Multiply that by the number of employees in your company — that’s a lot of potential damage for every business to avoid every day.

Business Email Scams Increasing

The FBI tracks two types of scams via emails, and companies should be aware of both:

  • Business Email Compromise: BEC is a scam that specifically targets businesses, particularly those working with foreign suppliers or those who regularly perform wire-transfer payments. These sophisticated attacks target employees with access to company finances and trick them into making wire transfers to bank accounts thought to belong to trusted partners. These attacks are on the rise. In 2017, these scams cost victims more than $676 million, according to the FBI.

Since the FBI began tracking these scams in 2013, BEC attacks (and the consumer version, known as Email Account Compromise or EAC) have continued to grow, evolve and target businesses of all sizes. They’ve hit large and small companies and organizations in every U.S. state, as well as more than 100 countries around the world — from non-profits and well-known corporations to churches and school systems.

“BEC is a serious threat on a global scale,” said Special Agent Martin Licciardo, a veteran organized crime investigator at the FBI’s Washington Field Office. “And the criminal organizations that perpetrate these frauds are continually honing their techniques to exploit unsuspecting victims.”

  • Phishing/Vishing/Smishing/Pharming: These are unsolicited emails, text messages or telephone calls, purportedly coming from a legitimate company, but requesting personal or financial data, or even login credentials. In 2017, these attacks cost victims nearly $30 million, according to the FBI.

Luring the Prey

The scammers behind these email attacks use a variety of tactics, including:

  • Spoofing, in which slight variations on legitimate email or website addresses misdirect the user.
  • Spear phishing, in which targeted phishing attacks appear to be individual, personal emails, thereby increasing their chances of success.
  • Malware, in which destructive attacks infiltrate company networks to gain access to email.

3 Steps to Avoid Becoming a Victim

The best protection against these growing threats to your IT environment and sensitive information comes from implementing safeguards that are an integral part of your network infrastructure, software and management right from the start.

  1. Employ an email security solution that automatically detects and blocks advanced security threats.
  2. Conduct regular IT security audits, making upgrades as necessary.
  3. Implement ongoing employee security training to ensure everyone is following the most current best practices, including:
      • Using strong passwords and multi-layer authentication
      • Verifying the sender’s address
      • Only clicking on trusted links or attachments

“The ability of these criminal groups to compromise legitimate business email accounts is staggering,” said the FBI’s Licciardo. “They are experts at deception.”

That underscores why every business should cultivate a culture of security, which is where an IT managed services provider comes in. When you’re ready to talk about protecting your business from phishing scams — or any other outside threats — our expert engineers can structure the right kind of plan, so your team can do its job with a secure information system.

 

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!