An alarming 60% of small firms that have been victims of cybercrime go out of business within just six months of the attack. With phishing scams on the rise, these businesses would be well served by understanding the different kinds of attack currently being inflicted on unsuspecting targets, so that they can prepare themselves and limit any potential damage.
Here are five examples of phishing attacks that targeted small firms in 2017, and the kinds of attack that businesses need to be looking out for.
The ‘Shipping Information’ Phishing Scam
A new category of phishing scam was unveiled in 2017, designed specifically for small businesses. A phishing email was sent to over 3,000 businesses with a subject line that read ‘Shipping Information’. The body of the email described a future delivery from United Parcel Service (UPS) and included an innocent-looking tracking link. When recipients opened the link, however, they exposed themselves to malware and potentially let loose a virus on their systems.
Business Email Compromise (BEC)
The BEC attack, run from Nigeria, hit more than 50 countries and targeted over 500 businesses, mainly industrial firms. Recipients of the email were asked to download a malicious file. Once the file was downloaded, the malware was free to make its way around business networks and data.
IRS W2 Tax Season Spear-Phishing Scam
A spear-phishing email circulated at the start of last year’s U.S. tax season. A number of fake emails were sent out in the W-2 Phishing Scam. The emails appeared to come from corporate executives and asked employees to submit personal details for tax and compliance purposes. A spear-phishing email is a seemingly innocent email sent to an individual, prompting them to click on a link, after which they are asked to enter sensitive data, such as financial details. These details can then be used to impersonate the victim in online transactions.
Google Docs Hack
In May last year, over three million workers all over the world had to stop working after a fraudulent email was sent via Google Docs that invited recipients to edit documents. Once an invitation was opened, it took the user to a third-party app that allowed cybercriminals to access their Gmail account.
Phishing Attack on Chipotle
Earlier this year, a team of cybercriminals in Eastern Europe sent malware-laden emails to workers of fast-food chain Chipotle. When any of the staff clicked on the email, they inadvertently gave the hackers access to POS systems in numerous Chipotle branches. The cybercriminals were then able to acquire the credit card details of millions of Chipotle customers.
The consequences for any business that ignores the risks involved with a phishing attack can be fatal. It’s within the interest of every company to implement security measures that have been proven to work. Rather than only taking action after the event, these businesses need to establish a policy around security that becomes a part of their company culture.
One significant part of this policy should be additional caution with emails from unknown addresses: avoid opening them, or at the very least avoid clicking on any links the reader is unsure of.
1 Comment
Take a look at who the message comes from – the email account,
... and then the “reply to” address. If these are different, beware that the one that sent you the message is not the one that wants your replies.
Scammers have to send inside the LAN of one of the big ones – like Gmail. They have to use the lower security and will even send from “Loopback” – 127.0.0.1, but take your “home LAN” – 192.168.x.y – they will use an address like 192.168.17.34, like your printer. You can see this in your “Full Header”:
Received: from 127.0.0.1 (EHLO sonic313-14.consmr.mail.bf2.yahoo.com) (74.6.133.124)
by mta4190.mail.ne1.yahoo.com with SMTPS; Thu, 23 Aug 2018 21:08:43 +0000
DKIM-Signature:
These “Signatures” are based on certificates and, in this case Yahoo, have sent another message to them, that they use to certify – easy, just make a Yahoo email and send a message to yourself.
Make a rule for everyone you know, and move the messages to folders, forward to others, make automatic reply-to and raise flags. Separate work from private, news from social messages. Then all the rest is possibly junk.