Business’ Biggest Security Threat: Phishing

Business’ Biggest Security Threat: Phishing

cloud securityPhishing – the attempt to acquire sensitive information such as usernames, passwords, and credit card details  or other financial information, by masquerading as a trustworthy entity in an email – is a major cyber security threat to businesses and their customers. In fact, phishing attacks jumped 19% in 2013. Approximately 156 million phishing emails are sent every day, with close to 16 million successfully passing through filters. Roughly 50 percent of the remaining emails are opened, with 800,000 users lured into clicking on a malicious link.

That is 800,000 successful phishing attempts EVERY DAY.

Phishing scams continue to evolve. Some attacks combine phishing with a malware attack, which spoofs a user into inadvertently installing malware on their computer. Last year, there was a significant rise in phishing attacks on shared virtual servers.

While the financial industry is a primary target for phishers, no business is safe. It is essential that businesses take proactive steps to protect against phishing attempts. This includes training employees and customers on safe internet use best practices and teaching them how to spot phishing attempts. Employees should also learn how to recognize a valid, secure website before they provide any sensitive information.

Here are a few of the most blatant signs of a phishing attempt.

– Misspellings – it might be a simple misspelling of a popular website or look like a basic typo

– Generic greeting instead of a personal call to action – this especially applies to emails asking for your personal information (ie a bank, credit card)

– Account status threats

– Requests for personal information

– Fake domains and fake links

– the URL is HTTP – Secure website will have an HTTPS web URL, that “s” is key to signaling security

– Click the padlock on the address bar in the browser window to confirm the sites’ SSL certificate. SSL certificates enable encryption of sensitive information during online transactions and validate the certificate owner’s identity.

ACE IT Solutions offers security awareness training, one of the most effective way to protect against cyber attacks. Contact us at 646.558.5575 to set up employee cyber security training. Read more about our security awareness training here.