Business Email Phishing Attacks to Reach $9 Billion in 2018
By: Jim Stickley and Tina Davis
October 29, 2018
Being duped by a phishing email on your personal account can be devastating enough, but when it happens at work, the risk magnifies many times over. Email phishing targets businesses with one purpose in mind: tricking unsuspecting employees into opening an email and clicking on its attachments. By now it’s no secret those attachments contain malware that steals data, money, and reputations. Hackers know the approach has proven time and again to work, and it sometimes ends with companies hanging up an “Out of Business” sign. Trend Micro projects that BEC (Business Email Compromise) phishing attacks will reach $9 billion in 2018.
Hackers make it very difficult to tell the genuine from the fake, and some are more clever than others. They know that any employee is a human being first and foremost and can fall victim even with the best of intentions. Hackers often exploit that human vulnerability as the one trait they can count on. Aside from the emotional component, the “everyday” emails necessary for a business are also targeted. According to the Internet Crime Complaint Data Center, malicious attachments having to do with invoices, payments, purchase orders, and receipts are the most common email phishing tactics. Employees tricked into providing any type of account numbers hand hackers what they are really after: financial data leading to easy theft. Whether you’re at work or at home, hackers are always dreaming up ways to get you to send money or give up sensitive data. Below are just some of the topics that hackers use for phishing attacks.
- Urgency. Often impersonating a senior executive, these emails supposedly come from the top and require you to take immediate action to pay an invoice, transfer funds, or provide other key details. The assumption hackers make is that an employee getting immediate direction from a senior-level executive will do whatever they are asked, quickly and without question. But question it. Don’t go around processes just because the request comes from someone with more authority than you. Keep in mind what information is being requested. If that person has no obvious need for it or has never requested anything similar before, call the requestor before taking action. Be 100% sure before you do it.
- Impersonation. It’s not beyond hackers to impersonate the IRS with a tax-related email offering a refund or claiming that you owe taxes and need to pay up, and quickly. Either way, remember the IRS initiates contact through the US Postal Service ONLY and never through an email. Hackers also impersonate any number of businesses like FedEx, Amazon, Netflix, and other companies. Emails said to be from these and other entities demand immediate action from recipients, often something as simple as a request for account details, financial and otherwise, in order to steal information and resources. Never click a link to verify account information. Go directly into your account using a bookmarked link or a link you know to be safe.
- Gee, You’re Great! Don’t be surprised to find you may have a fan. Flattery can get a person many places, including access to all kinds of confidential information. As difficult as it may be to imagine, getting showered with compliments in an email can lower your guard to a phishing attack. This example shows the lengths hackers are willing to go to with phishing emails. They’ll stop at absolutely nothing to grab your attention and catch you off guard. That’s how it works! Yes, you are wonderful, but don’t click links or attachments. Instead, call up the sender and tell him or her thanks for the compliment. If you don’t know the sender, ask why they’d be so nice and then assume it’s some type of scam.