Sunday, April 7, 2013

Cyber Crime: Phishing Attacks

Many unknowing employees are exposing confidential information on company computers simply by using personal email. The danger comes from phishing attacks: fraudulent emails intended to extract financial data. They lure recipients in with false claims and official-looking emails. With just a click, malware is uploaded and a cyberheist has begun. Customer data, credit card, bank account, and Social Security numbers can all be obtained. This can be a serious threat. Certain industries make prime targets and are more at risk than others. You'll be surprised to find out who is vulnerable to phishing attacks.
  
In a recent research study by KnowBe4, several thousand companies were targeted to see if they were safe from cyber criminals. Small, fast-growing businesses from the Inc. 5000 list were chosen, and publicly available information was gathered. Domain names and email addresses, easily accessed over the Internet, were obtained and some 28,000+ emails were sent. Each email was a simulated phishing attack that did not have a malicious payload. The results were shocking: within a couple of hours, half of all the emails had been opened. Of the emails opened, employees from about 500 companies clicked the phishing attack link, exposing private company information. Before the study's IP address was shut down, they had been able to gather data for about 21 hours. This can have serious consequences. It is estimated that small businesses lose more than $40 million a year to cyber crime. The problem is growing: cyber criminals target smaller businesses and banks in particular due to low investment in IT. The industries found most susceptible to attack were travel, education, finance, government services, and, in fact, IT services.

(https://s3.amazonaws.com/knowbe4-images/KnowBe4+WP+Images/Fail500IndustryGraph.jpg)
It is scary to think that so many businesses are at risk, yet employees are unaware. The CEO of KnowBe4, Stu Sjouwerman, said, "Most people assume that antivirus software and an in-house IT team provide sufficient data security, but considering that IT is among the most phish-prone industries, it's clear that's a very dangerous assumption to make." Most people at work do not consider the risks they may be exposing the company to while being on the Internet. Simply opening strange emails can have severe repercussions. Cyber crime is a very profitable, growing industry, and should be a major concern for small businesses. Proper training, education, and prevention are crucial for combating cybercriminals.

Articles of Interest and Sources
http://jobs.aol.com/articles/2011/05/24/you-could-be-inviting-scammers-into-your-workplace/ (news article)
http://www.knowbe4.com/fail500/ (research study)
http://dictionary.reference.com/browse/phishing

4 comments:

  1. Phishing is really tricky; like you said, it is usually an email that makes itself look like it is from a legitimate organization or person, but is not and contains a link or file with malware. I also believe that there should be a way for someone's inbox to weed out emails such as these through means of scanning the email for malware and viruses. (jcapatin@uncc.edu)

    1. You're right, it can be hard to separate junk and dangerous emails from the rest. Many of these attacks involve official-appearing emails. IT works hard to report spam, but it still requires an educated employee to be able to identify any suspicious emails that may slip through.

  2. This blog reminds me of UNCC's email server. Some emails get blocked and send an automated message while others still get through. I've gotten emails about making quick money and asking for information that I've ignored and am glad I did.

    1. Exactly. The system is fairly good at reporting spam, but it is not perfect. Emails just like that can be very dangerous. They target students, and if you are not informed, you could easily have personal information stolen, becoming a victim of a cyber crime. Even on the school's email server, students need to be wary of any shady emails.
