Phishing

It is a scary fact that one out of every three business employees will open a phishing email at work on any given day. Phishing emails are created explicitly by hackers to try and convince you to give up pertinent information about your business or inadvertently make your data vulnerable. Therefore, it is critical that you know all you can as a business owner about email phishing practices. Take a look at some of what you should know about phishing emails, what they look like, and the steps you can take to protect your business.

A Closer Look at Phishing Emails

Phishing emails are specifically designed to trick users into revealing sensitive information. The emails most often look like they are coming from a legitimate sender and contain links that an unwitting user may click on. When these links are clicked, the user is led to a spoof website that is set up to appear as an authentic site. Once on the site, the user is asked to enter credentials, this could be login information, banking details, or other sensitive information. When the user performs these actions, the data given is captured by the spoof website system, and then later, the credentials can be used by the criminals to access real accounts.

A Look at Why Phishing Emails Are a Common Threat

According to a study done in 2017, there are a whopping 269 billion emails sent every day around the world. When you put that into perspective as a business owner, you see that this adds up to a lot of potential opportunities for criminals to attack your business through your employees. The APWG (Anti-Phishing Working Group) says that it is estimated that $9 billion will be leeched from companies and organizations through phishing in 2018.

Hackers who send out phishing emails either have the goal of stealing information and using it themselves or stealing the information to make a profit in another way. Sensitive financial data is often bought and sold on the Dark Web for a hefty sum.

The latest wave of phishing scams has shown up on social media sites like Facebook, Twitter, and Instagram. Direct links to spoof websites are created and proposed in a way to look legitimate, so users click on these links and believe they are being routed to legitimate websites.

Problems with phishing have become so prevalent that reports are gathered consistently to warn the public. APWG’s Phishing Activity Trends Report For The 1st Quarter Of 2018 stated:

263,538 phishing emails were detected
The number of phishing emails was up 46 percent from Q4 in 2017
At least a third of modern phishing websites had HTTPS and SSL certificates

Phishers are primarily posing as payment services, but they have also been known to target webmail services, financial institutions, cloud and file hosting sites, and other industries.

Most Prevalent Phishing Email Subject Lines in 2018

Phishers use phrases and terms in subject lines of their emails that would demand attention from just about any email user. The most common phishing subject lines in the second quarter of 2018 can be narrowed down to ten phrases.

1. Password Check Required

2. Security Alert

3. Email Deactivation Warning

4. Urgent Information for Employees

5. Update to Company Policies

6. Revised Policy Information for Employees

7. Staff Review

8. Mail Label Delivery

9. Change Your Password

10. Delivery Attempt Made

Even though these were the ten most common subject lines used, not all of them were effective at garnering clicks. “Password Check Required” accounted for about 15 percent of clicks. “Security Alert” was also at the top of the list of subject lines clicked with that phrase accounting for 12 percent of clicks. There were relatively the same (between 7 and 11 percent) amount of clicks on most of the other email subject lines.

Avoiding Phishing Scams in the Workplace

Train employees to understand HTTPS certifications do not always mean they are on a secure site
Instruct employees to alert someone immediately if they believe they have received a phishing email or have been fooled by a phishing email attached to a spoof site
Make sure all user passwords are complex and fully encrypted
Avoid clicking links in emails unless absolutely necessary, and you are certain the email is legitimate
Train employees on how to recognize a bogus phishing email
Employ the two-factor verification capabilities every time it is possible on a site

When it comes to phishing emails and scams, a little education will go a long way to protect your business from an attack. If you feel your business is being targeted by phishing emails, make sure you alert everyone in the workplace of the situation and work with your IT service to add extra security.

Albert Najimy

When it comes to technology services and solutions, it's vital to have a knowledgeable and enthusiastic partner who can help clients achieve long-lasting growth using proven IT solutions. Our CEO, Albert, is fully dedicated to assisting clients in improving their technology to gain a competitive edge in their industries. At Boston Helpdesk, Albert Najimy leads a team of dedicated professionals who are focused on delivering exceptional IT services and solutions. With his extensive expertise and practical experience, Albert ensures that clients receive top-quality support and guidance for their IT projects. You can count on Boston Helpdesk to enhance your business systems and stay ahead in today's fiercely competitive business environment.

Ready To Experience The Best IT Services For Your Boston & New England Organization?

Boston HelpDesk is the leader in providing IT services to organizations throughout New England.

Start a conversation with your next IT service team by filling out the form below.

"*" indicates required fields

Phishing Emails: Why They’re a Threat & How to Protect Your Business