

January 13, 2017

Don't Get Hooked! Phishing Is Still a Huge Problem

Chances are that if you’re reading this blog, you’re already at your wit’s end about cybersecurity and are looking for help from a managed services provider.

You’ve come to the right place. Apex Technology Services can help your organization streamline many different cybersecurity tasks. For example, Apex can provide expert guidance on security matters, ongoing system patching and advanced threat detection. But Apex — and any managed services provider, for that matter — can only do so much to keep your business safe.

The reality is that you and your employees need to be extra vigilant about what you do online if you want to stay out of trouble.

Consider phishing, for instance – one of the oldest forms of cybercrime. Unfortunately, not much can be done to stop phishing emails from pouring into your company on a daily basis. While spam filters can be set up, they’re not entirely effective. It’s inevitable that phishing attempts will get through and wind up in your workers' inboxes.

Phishing has been around for so long that it’s easy to dismiss the practice as outdated, harmless and even silly; we’ve all received outlandish emails from “family members” in foreign countries asking for millions of dollars. Does anyone actually take these messages seriously?

It can be difficult to. But the truth is that not all phishing messages are ridiculous in nature. Some can be downright difficult to detect. So let this be a reminder that phishing is still one of the most widely used strategies for stealing private information. And it’s more dangerous than ever before.

Just a few months ago, for instance, the City of El Paso was hit with a phishing attack that led to $3.2 million in damages. The attack was aimed at the city’s streetcar development program. In this case, funds were directed to fraudulent accounts instead of being sent to the city’s vendor.

In case you're confused, phishing is a type of online fraud that uses social engineering to try to steal personal information. Phishing can take place over just about any channel, but it’s most commonly done through email.

Here’s an example of how phishing works:

A hacker may send a message to a targeted individual while pretending to be someone they are not. For instance, the hacker may pose as a vendor and send an email to a recipient at a company requesting confirmation of a payment card number. The hope is that the unsuspecting person will fall for the trick and send the payment information back to the hacker.

In another type of phishing attack, a hacker will send an email with an attachment that is infected with malware. When the email is opened, the malware will be released onto the machine. Sometimes, it can be released silently and lie dormant for quite some time.

By and large, the most popular form of malware used in phishing attacks is ransomware, a type of malware that will lock a computer or its files until a massive fee is paid. A recent study from PhishMe Inc. shows that by the end of 3Q16, the proportion of phishing emails containing a form of ransomware had ballooned to 97.25 percent. In the first quarter, this figure was hovering at just 92 percent.

Even scarier, 77 percent of ransomware attacks now bypass email filtering.

So, how can you stay safe against phishing?

The most important thing you can do is to create awareness about the problem in your organization. Hold a meeting, and remind your employees that it’s their responsibility to watch out for harmful-looking messages. This may seem very basic to some of your more tech-savvy users, but don’t leave anything up to chance. It’s better to sound the alarm before something happens, than to get a call from a user with a locked computer (and a ransom notification for $50,000).

Tell your employees to double check all email addresses before opening messages, and to avoid messages from unknown senders that contain attachments (especially ZIP files). When in doubt, reach out to the sender by making a phone call or sending a separate email to verify whether that person did in fact send a message.

Again, a managed services provider can do very little to actively protect your organization against phishing. It’s an inevitable part of doing business online today. Apex can, however, provide supplemental cybersecurity training to raise awareness about the problem. Apex will work closely with your employees to help them identify suspicious emails and avoid clicking on harmful attachments.

Taking Apex’s cybersecurity course is a great way to start the conversation about phishing and ensure that everyone in the company, from interns to executives, is on the same page.






