Today's cyber criminals have become very sophisticated in their attacks on both the private and public sectors. One commonly used method in the cyber-attack toolbox is email phishing, where the attacker attempts to acquire sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity.
Typically, emails that appear to be from popular social websites, auction sites, banks, online payment processors or IT administrators are used to lure an individual into opening the email and clicking on embedded links that lead to malware. In fact, email phishing is one of the most common forms of attack since most of us depend upon and use email daily, either at work or at home.
The new frontier of phishing is scams targeting mobile apps, still masked as coming from institutions or people you trust. In recently cited studies, an explosion of fake notifications is imitating messages from the mobile applications we use and trust every day. Specifically targeting , these phishing attacks leverage cross-platform mobile apps to spread the greatest destruction. The rising popularity of mobile devices means that phishing attacks aimed at stealing Apple IDs are becoming more frequent. Through the first quarter of 2014, Apple ranked 17th among the organizations most often attacked by phishers.
The cost of phishing
For financial services companies, the fraudulent collection of personal customer information can result in loss of consumer or client confidence in a brand. This is but one of the great risks of identity theft that costs the financial industry billions of dollars each year.
Gartner Group estimates that theft through phishing activities costs U.S. banks and credit card issuers $2.8 billion annually, and causes between $61 million and $3 billion per year in direct losses to victims in the U.S.
How to prevent a phishing attack
Unfortunately, there is no silver bullet that can be fired to stop these attacks. However, there are several steps and guidelines to follow and practice which will mitigate risks and the potential impact they may cause within an organization.
- Be suspicious of emails that contain the following:
  - Grammar and/or spelling mistakes within the company header, email address or the message.
  - Generic salutations.
  - Requests from a financial institution for your password, personal information, credit card information or other actions like a wire transfer. If you have doubts, you should call the company or their customer service department to verify that the email is legitimate.
  - Suspicious attachments, especially from someone with whom you're not familiar. If you receive an email from a trusted friend or colleague, call or text them to ensure that the attachments are legitimate.
- Suspicious Links: If emails contain links that might be doubtful - DON'T CLICK ON THEM! They could be malicious and lead to an infection of your computer. Follow the guidelines above, and if you are not sure or require additional assistance, please forward the email to your company's IT Security Team.
- Common Sense: Finally, the best tool you can use to avoid an email phishing attack is common sense. If an email seems suspicious or too good to be true, feel free to hit the delete button.