It sits there in your inbox daring you to click on it. It appears to be an important message from the folks at Microsoft’s Office 365 email security team. Either your mailbox storage is full, there is an important security notice you need to read, or your mailbox is about to be deleted and you need to act to prevent it from happening. It looks legitimate, but it is just a phishing attempt to try to get your login credentials or launch some malware.
Microsoft, makers of Office 365, reports they see more than 5 billion threats detected on devices every month. That represents more than 100 million unique phishing emails targeting Office 365 users annually. There is no reason to believe that will end anytime soon.
Email is nearly ubiquitous in the workplace. It is one of the most durable and effective forms of communication. It is also exceptionally vulnerable to attacks. While it may be easy to spot the fake emails from the British lawyer or Nigerian prince wanting to give you millions, today’s hackers are sophisticated and targeted.
It's every internet security professional’s nightmare scenario. A phishing email has gotten past your anti-email phishing software and someone's clicked on it. Whether it's malware, ransomware, or something worse, your reputation and maybe even your job may be on the line.
Inky Phish Fence works 365/24/7. It never sleeps and never stops, it learns in perpetuity and today’s Catch of the Day is a testament to its robustness... Read on:
Trends in Phishing Emails Hitting Businesses Today
In law enforcement circles, sophisticated email phishing schemes are known as "business email compromise." More commonly called CEO Fraud or CFO fraud, they are targeting C-suites executives with increasing effectiveness.
What is Phishing?
Phishing is an all too common cyber attack using deceptive emails, malware, and websites to gather personal information. Hackers use this tactic to gain access to business systems, con someone into clicking on a link that downloads malware, or trick someone into acting.
According to Statista, IT Security spending in 2018 in the United States alone will reach $66B – an incredible number.
We obviously know that phishing is a threat, but even we were surprised to read that over 50% of respondents to a Lloyds Bank survey said they received phishing emails from scammers posing as their boss. This particular kind of phishing attack, known as “CEO Fraud”, can pay off when scammers convince junior employees to pay a fake invoice, or forward other valuable information to whom they believe is a top executive.
CEO fraud is sophisticated from both technological and social angles. Receiving an email from a trusted, high-ranking contact doesn’t raise concerns, as these kinds of messages “feel normal.” Attackers rely on this misplaced trust and a worker’s desire to please the boss. Criminals can use social media or even out-of-office messages to understand the business structure of an organization. They can then craft fake emails and attempt to reach several people within an organization, hoping at least one of them falls for it.
Scammers are sending phishing, spear phishing, and whaling emails in record numbers. A recent Internet Threat Security Report shows that 1 out of every 131 emails contained some form of malware. The hackers are nothing if not proficient. 76% of businesses report being a victim of phishing attacks and the business costs are staggering.