May 31, 2018

The Effects of a Phishing Scam on an Organization

The 2017 Verizon Data Breach Investigations Report showed that 43% of all reported breaches began with a phishing scam of some kind. 

A phishing scam attempts to get valuable information by posing as a legitimate institution, company or person in an email or text message. Typically, the message requires the recipient to update information, and there is usually a link or an attachment that must be used.

A 2018 KnowBe4 study showed that recipients of phishing scams are most likely to click on a link or attachment when there’s a promise of money or a threat regarding the loss of money.  

Potential Damage Phishing Scams Can Cause to Organizations

Virus Download

In a July 2017 phishing scam, emails were sent out to more than 3,000 businesses with the subject line ‘Shipping Information’. The emails alerted recipients about a forthcoming delivery by United Parcel Service (UPS) and included a seemingly innocent package tracking link. Unfortunately, recipients who took the bait and clicked the link actually deployed malware that could release a virus, delete data, and send spam. Interestingly, in the KnowBe4 study, the top subject lines were ‘A Delivery Attempt Was Made’ with an 18% click rate, and ‘UPS Label Delivery 1ZBE312TNY00015011’ with a 16% click rate.

Ransomware Attack

One ransomware attack in May 2017 started as a worldwide phishing expedition. The cyber attack was carried out by a ransomware cryptoworm called WannaCry. It targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments. The attack hit 300,000 PCs around the world.

Credit Card Data Breach

In a February 2017 phishing scam, a cyber-criminal group sent malware-laden emails to staff members of a global Mexican restaurant chain that has over 2,000 mostly U.S. locations. Opening the attachment, though, ended up compromising Point of Sale systems at most locations, and credit card data from millions of customers was stolen. The stolen data included account numbers and internal verification codes.

Information Security Breach

In 2017, a Nigeria-based Business Email Compromise (BEC) scam targeted more than 500 businesses in over 50 countries. The phishing scam asked recipients, who were mostly at industrial companies, to download a file. The file was malicious, and once it was downloaded, malware gained access to business data and networks.

Tips for Preventing Phishing Scams

  • Provide ongoing training to employees, who are considered the first line of defense. Training should introduce the different types of phishing scams and provide practical ways to identify and deal with them.
  • Install IT safeguards that provide early warnings of security compromise.
  • Only keep data on a need-to-know basis. Always limit access to confidential information to employees who need it to do their jobs.
  • Patch promptly and keep anti-virus software up to date.
  • Encrypt sensitive data.
  • Use two-factor authentication. 
  • Back up data.
  • Don’t forget physical security. Visible surveillance cameras, locked offices and desks, and embedded security processes such as professional document destruction create routine data security and underline its importance to the workforce.

Start Protecting Your Business

To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.