4 Ways Your Business Can Prepare for the Next Phishing Attack

Phishing is a major vulnerability for most businesses, but these tips can help keep you safe and secure.

May 13, 2019Manhattan Tech Support

SecurityCloud ServicesIT Consulting & StrategyTech Support & Managed IT ServicesFinanceConstructionEducationHealthcareLegalReal Estate

Phishing is a type of cyberattack in which criminals disguise themselves as reputable businesses or trusted individuals to obtain valuable information, like your network credentials, passwords, or financial information.

As of 2019, phishing is one of the most popular types of cybercrimes in the United States. Despite increased awareness about the dangers of phishing, the variety and success rate of phishing attacks have continued to increase in the States, which now accounts for 86% of all phishing attacks globally.

Phishing attacks aren’t just on the rise; they’re harder to defend against. Phishing causes more than four times the damage that viruses and ransomware cause. All it takes is one fraudulent email to fool one of your employees, and the damage is done. So, what are the best ways to stop a phishing attack? The first step is to understand what makes the threat so dangerous.

phishing blog image may 2019

The Changing Face of Phishing

In the past, fraudsters relied on “spray and pray” approaches to phishing. This method uses emails with minimal personalization and very generic, templated emails. The idea was that one recipient among the thousands of emails would be gullible enough to click on the dangerous link.

Today, the phishing landscape is much more diverse and sophisticated – often customized to target your organization or employees. This has helped keep the efficacy rate of phishing attacks high — despite the proliferation of new and advanced cybersecurity tools — and made mitigating phishing attacks a priority for the majority of cybersecurity decision makers. Here are the new phishing-style attacks you’re likely to see in 2019.

Spear Phishing

Spear phishing is one of the more targeted forms of phishing techniques in which the attacker has gathered some information about you, usually from social media channels or the world wide web. Using information about a recent purchase, business trips or life event, the hacker will then craft a convincing email that asks you to help them with something related to that event, such as refunds, claims of outstanding balances and so on.

To increase their success rate, spear phishing attacks often frame this request as an urgent need, requesting the user to visit a fraudulent website – one that looks very close to a genuine website the user is already familiar with. This method has a high chance of success. For the last several years, spear phishing attacks have been the most popular attack vector for organized hacking groups.

Business Email Compromise

The Business Email Compromise (BEC) is an advanced phishing attack in which hackers pose as an executive in the company and direct a financial director or accountant to remit a payment on behalf of a business. BEC attacks often rely on a sense of urgency for their success, requesting the invoice or transfer get processed immediately to steal the money before the accountant has time to realize it’s not legitimate.

Because of the research and time that goes into a BEC, they can be extremely effective. Take for example this Lithuanian man who successfully scammed both Google and Facebook out of over $100 million — and those are technology experts!

HTTPS in Phishing Attack

For many years, users have been taught that the little padlock symbol in Google Chrome and Microsoft Edge meant that you’re safely browsing over an encrypted connection. That’s no longer true. While the connection may be encrypted, hackers have gotten wiser and are deploying a new strategy – they are now designing spoofed websites that use an encrypted channel to appear safe but can steal your information like a regular phishing page.

This is a recent phishing trend in 2019, but it’s gaining popularity. According to cybersecurity expert Brian Krebs, 49% of phishing sites now utilize an encrypted connection, largely due to the proliferation of low-cost web hosting services offering encryption service.

Phishing-attacks_blog may 2019

How to (Help) Stop Phishing Attacks

Phishing is a reality that demands far stronger cybersecurity protections than ever before. But beyond investments in multi-factor authentication and powerful firewalls, there are things that you can do right away to help prevent phishing from becoming a serious problem in 2019. Here are some ways you can keep your organization safe and secure:

1 – Encourage Good Digital Hygiene

It’s important that employees proactively police their own social media accounts and posts that might contain information which could be used to launch a phishing attack. With no “in” to launch a credible phishing attack, hackers are forced to revert to anonymous phishing attacks, which are far easier to identify and defend against.

2 – Watch for Grammatical Errors and Typos

A lot of phishing attacks originate from overseas. Knowing this can give you an advantage when trying to determine if a page or email is legitimate or not. Scan it carefully for English problems. Are there spelling mistakes, poor punctuation, or issues with awkward verbiage? Those are major red flags, so proceed with caution.

3 – Urgent Messages? Not So Fast

Hackers want you to act urgently before you get wise to what they’re up to. To stay safe, your staff should be trained to approach every email with the opposite mentality — skepticism and patience. A message that carries an urgent or threatening tone must be taken with a big grain of salt, especially if it’s asking for your personal information. If they’re really suspicious, they may even want to confirm that email with the sender on the phone or in another email thread.

4 – Stress Mobile Security

There’s a trend toward phishing attacks appearing in apps like Slack, Skype, Teams, Facebook Messenger, and other chat software. According to IBM, mobile users are 3x more vulnerable to phishing attacks than desktop users. This isn’t a problem that can be automated away, because these applications don’t have the same built-in security functions that email clients have developed over the years. Instead, you’ll have to train employees to change their mindset and be vigilant about links and private information no matter what platform they’re on.

 

Phishing Protection for Businesses in NYC

For companies that don’t feel well-protected from phishing and other cybersecurity threats, it may be beneficial to work with a cybersecurity expert. Manhattan Tech Support has been providing businesses in New York City with cybersecurity expertise for two decades. Our security division, Kaytuso, can help bring your security protections up to date and train your team to spot phishing attacks before they damage your company. If you’d like more information about how we can help, contact us at 212-299-7673 or

 

We look forward to speaking with you!

SEE MORE

Kaytuso – the cybersecurity & regulatory compliance division of ManhattanTechSupport.com LLC.

Exceed Digital – the custom software development and business intelligence solutions division of ManhattanTechSupport.com LLC

Related Articles

AI trends in IT management

calendar March 22, 2023

author Manhattan Tech Support

Artificial Intelligence Business Intelligence Cloud Services Cyber Insurance IT Consulting & Strategy Tech Support & Managed IT Services Construction Education Finance Healthcare Legal Non-Profits Real Estate Startups

AI trends in IT management

AI is on everyone’s minds these days. ChatGPT3 and OpenAi have brought what’s possible to the mainstream in a way we haven’t seen outside of movies before. If you’ve spent any time following the trends online, there’s a lot of

Read More
Best Microsoft 365 features for 2023

calendar March 15, 2023

author Manhattan Tech Support

Business Intelligence Cloud Services IT Consulting & Strategy Software Development Tech Support & Managed IT Services Construction Education Finance Healthcare Legal Non-Profits Real Estate Startups

Best Microsoft 365 features for 2023

Microsoft’s office suite (now called Microsoft 365) has come a long way from its early days as a word processor and spreadsheet platform. These days, Microsoft 365 is a powerhouse of productivity tools that handle everything from word processing to

Read More
Digital Trust – what is it and how does it affect your business

calendar March 8, 2023

author Manhattan Tech Support

Business Intelligence Cloud Services Cyber Insurance IT Consulting & Strategy Security Tech Support & Managed IT Services Telecommunications Construction Education Finance Healthcare Legal Non-Profits Real Estate Startups

Digital Trust – what is it and how does it affect your business

It seems we hear new stories about cybercrime every day. The stories range from huge ransomware attacks on hospitals to city infrastructure being compromised. It might seem like this isn’t something that you and your business need to worry about,

Read More