Introduction
As one of the top cybercrime ploys impacting both consumers and businesses, phishing has remained a consistently potent threat over the past several years. In fact, there was an average of over 37,000 phishing attacks each month in 2012 (more in 2014).*
You no longer need to be a sophisticated hacker to commit fraud on the Internet. Anyone who is motivated can join in, thanks to the off-the-shelf phishing kits provided by a thriving cybercrime ecosystem. Cybercriminals are even migrating to a new business model known as malware-as-a-service (MaaS), where authors of exploit kits offer extra services to customers in addition to the exploit kit itself.
The impact on a business can be quite severe. RSA estimated in its February 2013 Fraud Report that worldwide losses reached $1.5 billion in 2012 and had the potential to reach over $2 billion if the average uptime of phishing attacks had remained the same as in 2011. Whatever the threat – whether employees or customers have been phished, or the company website compromised – phishing is something to be taken very seriously. Organizations need to stay current on the latest methods employed by cybercriminals and take proactive steps to protect themselves from fraud.
How phishing could impact your business
While spam has declined slightly in 2014, phishing attacks have increased. Phishers are using very sophisticated fake websites – in some cases, perfect replicas of real sites – to trick victims into revealing personal information, passwords, credit card details and bank credentials. In the past they relied more on fake emails, but now those emails coupled with similar links posted on social media sites are used to lure the victim to these more advanced phishing websites.
Typical fake sites include banks and credit card companies, as you’d expect, but also popular social media sites. The number of phishing sites that spoofed social network sites increased more than 123 per cent in 2014. If criminals can capture your social media login details, they can use your account to send phishing emails to all your friends. A message that seems to come from a friend appears much more trustworthy. Another way to use a cracked social media account is to send out a fake message to someone’s friends about some kind of emergency.
Protecting your business
While there is no silver bullet, there are technologies that can help protect you and your customers. Many of the current phishing techniques rely on driving customers to spoofed websites to capture personal information. Technology such as Secure Sockets Layer (SSL) and Extended Validation (EV) SSL are critical in fighting phishing and other forms of cybercrime by encrypting sensitive information and helping customers authenticate your site. Security best practices call for implementing the highest levels of encryption and authentication possible to protect against cyber fraud and build customer trust in the brand. SSL, the world standard for Web security, is the technology used to encrypt and protect information transmitted over the Web with the ubiquitous HTTPS protocol. SSL protects data in motion, which can be intercepted and tampered with if sent unencrypted. Support for SSL is built into all major operating systems, web browsers, Internet applications and server hardware.
To help prevent phishing attacks from being successful and to build customer trust, companies also need a way to show customers that they are a legitimate business. Extended Validation (EV) SSL Certificates are the answer, offering the highest level of authentication available with an SSL Certificate and providing tangible proof to online users that the site is indeed legitimate.
While cybercriminals are becoming adept at mimicking legitimate websites, without the company’s EV SSL Certificate there is no way they can display its name on the address bar because the information shown there is outside of their control. And they cannot obtain the legitimate company’s EV SSL Certificates because of the stringent authentication process.
*Source: 2013 Symantec Corporation. Except from White Paper: Phishing – The latest tactics and potential business impacts.
If you would like to know more, please contact us at 1-800-871-9683 for a free consultation. Also, if you still have Windows 7 or 8 Computer(s) in your business, please give us a call to help you upgrade to Windows 10 and Office 365. Our email address is: markhuffman@creativebusinesstechnologies.com