Gone Phishing: High-Tech Scammers are Out to Hook Small Businesses
Computer security breaches continue to make news. From invasions of the IRS to Anthem Insurance to Ashley Madison, skilled hackers are casting an ever-widening net in their search for high-value data, sensitive information and access to funds. Working from offshore hack mills, often in Asia and Eastern Europe, these technically sophisticated cybercriminals are a far cry from the “Nigerian Prince” scams of email’s early days. If the word hacker brings to mind a nerdy teenager hunched over his laptop or a lone wolf in some obscure Internet cafe, think again.
Cybercrime is now an international business – a big one. Phishing, the use of email to penetrate a network for some nefarious purpose, is one of the most common cybercrimes, resulting in $8 billion in losses worldwide in 2014. And in the last two years, according to Microsoft’s Computer Safety Index Report, U.S. enterprises have been taken for a total of more than $750 million as a result of this technique.
Cybercriminals Don’t Limit Their Catch to Just the Big Fish
The bottom line is that your business – large or small – is never completely safe from phishing. PC World reports that 31 percent of phishing cases involve small businesses with fewer than 250 employees. Large corporations can usually absorb losses, but for a small business, recovering from a security breach is extremely difficult. Even if the damage to data can be remediated, the cost is high (about $200 per compromised record). Damage to the reputation of a company or its clients is even harder to rectify. No wonder that 60 percent of the small business victims fold within six months of a breach, according to PC World.
Why wouldn’t cybercriminals focus their tech expertise on major targets and let the small guys off the hook, you might ask? The value of the information held by a company is not dependent on its size or its assets. Frequently, a phishing expedition may be motivated by the need to obtain a small collection of data that can then be used in a larger scam or sold to a cyber team that is planning a major sting. And remember, sometimes phishing is driven by the desire for revenge on a company, its executives or its customers. The perpetrators of the notorious Ashley Madison case, which revealed the email addresses of 36 million would-be cheaters, are thought to have been motivated by revenge.
How Do Cybercriminals Go Phishing?
The hook in every phishing incident is a well-crafted email to a company employee (usually more than one) that mimics a legitimate source like a bank, an IT administrator, a payment processor, a frequently used website, the IRS, or even a colleague or client. The email typically asks the recipient to follow links to complete a task or to supply or verify information. Everything about the email and the sites to which the links may lead looks perfectly authentic. Once the links are followed or the information is supplied, the hook is set and the scammers have only to reel in the information they want from the victim’s database.
Can Phishing Be Stopped?
Phishing is almost as old as email. Like all sophisticated cybercrimes, it is difficult to prevent. The culprits are constantly upgrading their technology, and international law enforcement faces challenges in pursuing or prosecuting them in the countries where they are based.
Computer security systems are essential for all companies, but even the best of these can be defeated by skilled and determined criminals on a phishing expedition. What can you do? Educate your employees. Set up company email policies. And ensure that you are using the most up-to-date network security. These are among the best defenses against an attack.