
What is Phishing?

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

Most common types of phishing:

  • Email phishing.
  • Spear phishing.
  • Smishing.
  • Vishing.

How does it work?

The most common phishing attacks are delivered by email, and the operation is very simple. The attacker tries to impersonate the company's domain (company.com) or a trusted provider in order to obtain sensitive information. For example email credentials, sensitive accesses, sensitive information …

Let's take an example of phishing: a very common attack is to send emails posing as the IT department or the company's trusted email provider (O365, Gsuite …). The email indicates that the email password has expired and must be renewed. The attacker can send this message to users from the company's own domain.com, if it is not configured correctly at the security level, or from a domain very similar to the real one.

The objective is simple: the end user should not realize that the sender is not the real one.
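From the defender's side, the two cases described above (a message using the exact company domain, and a message using a very similar one) can be told apart from the message headers. The following is an added example, not code from this post: the trusted domain `company.com`, the function names, the distance threshold and the sample messages are all assumptions, and it assumes the `Authentication-Results` header was written by the organisation's own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = "company.com"  # assumption: the organisation's real domain

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(raw, trusted=TRUSTED):
    """Classify the From: domain of a raw message against the trusted domain."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not domain:
        return "no-sender"
    if domain == trusted:
        # Exact domain: only accept it when the receiving server recorded a
        # DMARC pass. Assumes this header was written by our own mail server.
        m = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""))
        return "trusted" if m and m.group(1).lower() == "pass" else "spoofed-domain"
    brand = trusted.split(".")[0]
    if brand in domain or edit_distance(domain, trusted) <= 2:
        return "lookalike-domain"  # e.g. swapped letters or brand-plus-suffix
    return "external"

# Constructed sample messages (not real mail).
SAMPLES = {
    "legit": "From: IT <it@company.com>\n"
             "Authentication-Results: mx.company.com; dmarc=pass\n\nHello",
    "spoof": "From: IT <it@company.com>\n"
             "Authentication-Results: mx.company.com; dmarc=fail\n\nPassword expired",
    "lookalike": "From: IT <it@cornpany.com>\n\nPassword expired",
    "external": "From: News <news@example.org>\n\nNewsletter",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify_sender(raw))
```

The edit-distance threshold is a heuristic and will flag some legitimate short domains, so results are best used to prioritise review rather than to block mail outright.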


Statistics on the impact of phishing on companies during 2021

  • The average financial cost of a data breach is $3.86m (IBM)
  • Phishing accounts for 90% of data breaches
  • 15% of people successfully phished will be targeted at least one more time within the year
  • BEC scams accounted for over $12 billion in losses (FBI)
  • Phishing attempts have grown 65% in the last year
  • Around 1.5m new phishing sites are created each month (Webroot)
  • 76% of businesses reported being a victim of a phishing attack in the last year
  • 30% of phishing messages get opened by targeted users (Verizon)

Reference: https://www.knowbe4.com/hubfs/2020PhishingByIndustryBenchmarkingReport.pdf

At Quarbit we periodically analyze the security of public assets and review email settings to prevent these types of attacks. Contact us for more information.