All these terms about phishing can be confusing. Here's a small dictionary-like list on some of them.
Criminals exploit the fact that email remains the primary channel for conducting business. Phishing is one of the most prevalent forms of cybercriminal activity, representing 95% of damages caused by cybersecurity incidents.
As of January 2021, Google had registered 2,145,013 phishing sites, showing an almost 30% increase in phishing site activity in the past year. To lower your risk of becoming a victim, understand the different terms often used when describing phishing scams.
Types of Phishing Attacks
BEC – Business Email Compromise (BEC) is also known as email account compromise (EAC). BEC is a type of scam that impersonates those authorized to make payment or wire transfer requests and trick unsuspecting employees. The FBI has identified five types of BEC scams: account compromise, attorney impersonation, CEO fraud, bogue invoice scheme, and data theft. In 2020, 65% of organizations faced BEC attacks.
Credential harvesting – Credential harvesting is also known as account harvesting. These phishing emails attempt to steal login information by tricking users into entering their credentials into a fraudulent website.
Evil twin – An evil twin attack involves setting up a fraudulent wireless access point and tricking users into believing it is a legitimate Wi-Fi network. Once the user has accessed the network, the attacker can spy and steal the user’s sensitive data.
Gift card scams – Gift card phishing emails engage with victims to trick them into purchasing gift cards. The scam relies on impersonation to convince the email recipient to send money using gift cards instead of a wire transfer.
Ransomware – Ransomware allows the attacker to lock files and demand payment from the victim in exchange for a key to regain access. Ransomware attacks can be delivered through phishing communication (email).
Spear phishing – Regular phishing involves generic attacks, while spear phishing campaign victims are specifically targeted. Spear phishing impersonates trusted senders and targets well-researched individuals or organizations using customized emails. According to research on targeted attacks, 65% of active groups carrying out phishing scams relied on spear phishing.
Phishing Impacts on Organizations
Brand damage – Brand damage occurs when the consumer’s perception of the brand is adversely impacted, usually after a negative experience. When a brand becomes a victim of a phishing attack, its brand image and reputation may suffer as stakeholders and customers question the company’s ability to protect their sensitive data and avert a crisis.
Business interruption – A business interruption is anytime a business cannot operate due to an event, resulting in losses in revenue and productivity. Phishing attacks can disrupt and even paralyze business operations, particularly in ransomware attacks when access to files is locked until a ransom is paid.
Drop in share prices – Share prices can drop when a company’s reputation and credibility take a hit, such as a phishing attack that leads stakeholders to lose trust in their investment.
Lawsuits – Lawsuits are legal disputes brought to a court of law for a decision. Because phishing attacks may expose users’ private and sensitive data to criminals, users may become suing parties and file lawsuits against the company that failed to keep their information safe.
Rogue wire transfers – Rogue wire transfers refer to the wired money involved in email scams. According to a report on phishing activities in 2020, the average wire transfer loss from phishing attacks was $80,183.
Settlements – When an organization is sued following a phishing attack, the sued party may decide to resolve the dispute with the complainant by paying settlement funds.
Stolen customer data – Stolen customer data in data breaches involve sensitive data associated with the customer, including full names, home addresses, birthdays, marital statuses, phone numbers, email addresses, and financial information.
Let’s talk more about the severity of phishing incidents and how a robust email security solution with a high operationalization level is a solution. Contact us today.