Remain vigilant for phishing attacks
Phishing attacks aim to steal data such as login credentials and credit card numbers. Examples seen in 2018 were fake emails from Google or Office365 which look genuine but are not. Once a hacker gains access, they track and learn behaviours of the victim to take advantage of their role.
Usually hackers using phishing attacks monitor the victim’s habits online and make themselves a part of someone’s everyday online life. They can do this through social media messaging and emails. Then the target is then deceived into clicking on a malicious link or attachment. This installs malware onto the device to steal sensitive information. It can even shut down a system as a lead up to the hacker making a ransom demand to return control of the system.
Once access has been ‘phished’, a cybercriminal can bypass security levels. It gives them access to the finance department to change bank details and issue payments. They can even further infiltrate a network using BOTs or malware.
Going phishing is lucrative
According to the ACCC, small businesses lost more than $2.8 million in 2018 to hackers infiltrating internal email networks. With 20,000 phishing attacks, attackers pose as government departments and well-known businesses. The most common form of attack is via email, but hackers will still pick up a telephone.
Phishing poses a real business threat in 2019
The Office of the Australian Information Commissioner (OAIC) reported more than half of the data breaches in the September quarter were from phishing attacks. With the top five targeted sectors:
- health services
- legal, management and accounting services
- personal services.
Legal services were the most popular target. In particular, small legal firms as they handle a large volume of sensitive information and settlements worth more than $100,000.
Spear phishing is the most dangerous form of phishing. This type of attack targets particular people and within a company. Emails can contain information that is true so people are more likely to believe the message is genuine. This makes it difficult for victims to tell the difference between what is real and fake. Even people who are careful are often caught off guard.
Hackers often use social media to track victims to find out the information they need. This gives them what they need to manipulate people into taking the bait. Cybercriminals are investing more than ever into researching potential victims. Social media make it easy for them to find out personal and work information. People are always posting information about themselves, such as travel plans and events. So you need to be careful what information you share online. You never know who is watching or what they will do with the information you innocently post.
Avoiding phishing attacks
Like spam emails, phishing is simple to avoid, but you need to remain vigilant. Never click on any links or attachments even if you think the message is genuine. Always check with the source first, if there is any doubt.
Enabling your business to grow efficiently and effectively – we’re the Rightsize for you.
Small businesses struggle to budget their IT operation and often spend inefficiently with a less than great return on their investment. Rightsize Technology understand: we deliver a minimum 30% reduction on IT overheads as a dedicated outside IT department for our clients. Our unlimited 24×7 support, both on and offsite increases their business productivity and capacity, enabling their business to grow efficiently and effectively – we’re the Rightsize for growing small businesses. Talk to our team today for more information.