Phishing attacks have become nastier than ever - here’s how to stay safe

  • In 2017, the phishing rate in South Africa was the highest in the world.
  • Spear phishing and CEO fraud are the two most common methods used to target both multinationals and SMEs worldwide.

Phishing attacks continue to be the biggest challenge in a majority of organizations. Over the past few years, cybercriminals have developed various new phishing attack methods, which use email and social-engineering techniques to gain access to confidential data.

A common way of duping users is to lure them into clicking on a link or opening an attachment. The malicious link or attachment eventually leads users to either divulge confidential information or wire money to an attacker-controlled account.

Why are phishing attacks so widespread?

Over the past few years, phishing attacks have risen to alarming heights. According to Symantec’s Internet Security Threat Report 2018, there was a 92 percent increase in the number of phishing attacks reported in 2017. The report highlighted that the phishing rate in South Africa was the highest in the world, where one in 785 emails was found to be a part of a phishing attack.

“What makes these attacks so effective is that social engineering, effectively hacking the human brain, is actually quite easy to do,” said Dr. Bright Gameli Mawudor, Head of Cyber Security Solutions - Internet Solutions, Business Tech reported. “As human beings, we are very open especially on social media, and all this information is incredibly valuable to hackers. We are the problem. People are the problem.”

Spear phishing and CEO fraud are the two most common methods still being used to target both multinationals and SMEs worldwide. This kind of attack puts millions of users at risk.

Phishing attacks succeed because the emails usually appear to come from a known or trusted source, which makes it hard for victims to spot a malicious mail. CEO fraud emails are often sent impersonating a C-level executive of an organization and, when opened, result in either the compromise of machines or the theft of confidential data.

The main intention of phishing scams is to disrupt business operations and damage an organization’s reputation. This costs entities millions of dollars.

“It’s not just about potential monetary loss, as this can often be recovered – it is reputational damage that is very difficult to recover from. The world is changing and email has become a successful place for cybercriminals to operate as it is far easier to hack a person than a system,” warned Brandon Bekker, MD of Mimecast Limited.

How to avoid getting hooked

  • One of the biggest red flags that can indicate a possible phishing attack is a misspelled word or bad grammar. An email sent by a scammer usually contains broken or unstructured sentences.
  • Check the destination of the URL by hovering your mouse pointer over it. If the URL looks suspicious, don’t click on it.
  • Do not transfer any funds without checking thoroughly with the recipient. Contact the person directly, if he or she is known to you, before authorizing any transactions.
  • Do not provide any sensitive information by email or through links included in an email.