When did email become the weakest link? How can you protect your organization from email phishing attacks?
There have always been problems with people clicking on malicious links and somehow having them sent directly to you seems to make it more likely you will click on it.
One out of every 99 emails is a phishing scam which means that every employee in your organization is getting almost 5 phishing emails every workweek. Unfortunately, most people rely on their email program to filter out such messages.
Phishing Attacks Are Very Common — And Very Costly
Almost a third of phishing emails make it past default email security and 5% of those have been whitelisted by a system admin. There are several very common forms of phishing attacks:
- 41% are credentialing attacks in which hackers try to gain access to the target’s usernames and passwords, costing $400 per account to clean up.
- 51% of attacks are links that prompt the download of malware which can cause an average of $2.4 million in damage when successful
- 0.4% of attacks are spearphishing attacks in which high-level people in an organization are targeted. While these are the least common attacks, they can be the most expensive, averaging $7.2 million per incident.
- 8% of attacks are extortion attempts and when they are successful, they can cost an average of $5,000 per user.
Last year, 64% of information security professionals were targeted by spearphishing attacks while 35% of working professionals don’t even know what a phishing attack means. The cost of phishing comes in more than cleanup – it can also do serious reputational damage.
The average cost of a phishing attack on a midsized business is $1.6 million. There’s lost productivity while everyone tries to halt and undo the damage. There’s also a loss of proprietary data and perhaps the worst of all is the damage to a company’s reputation after a breach. A third of consumers will stop using a business once a breach has occurred and it could take years to recover from such an incident.
It’s Entirely Too Easy To Fall For The Bait
Even if you are in the 65% of working professionals who know what a phishing attack is, it’s still very easy to fall victim. Successful phishing campaigns play to our emotions and sense of urgency. They often feature subject lines designed to scare or cajole us into action.
Subject lines such as “complaint filed” or “open enrollment” make us believe there’s an action that needs to be taken immediately or something bad might happen. It may include losing our family’s health insurance or getting fired from our jobs.
It also doesn’t help that a quarter of phishing emails spoof trusted brands. When you are expecting a package from Amazon and happen to get an email from Amazon in your inbox, it might seem believable enough that you open it to see what’s going on.
The most common signs of phishing include:
- Address of a crypto wallet
- Link to a WordPress site
- BCC to many others
- Shortened URLs
- From a trusted brand
- Link to a file on Google Drive
Because these are all things that have legitimate uses, hackers can exploit them to make us think they are completely safe. Knowing the threat is the best way to avoid falling victim, but that may not be enough. If hackers weren’t so good at what they do, which is understanding human psychology, we would have no need for email scanning software.
It Helps To Have Backup
The existing spam filters in your email program catch a lot of the problems but not all of them. This lulls us into a false sense of security and leaves us believing that if something lands in our inboxes, it’s probably safe.
Unfortunately, this is just not the case. Learning how to avoid phishing attacks and schemes is crucial and it means reminding employees of these tactics on a regular basis. It can also help to get additional email scanning software to catch anything that looks real enough to be a threat.
Learn more about how email became the weakest link and how you can fight back from the infographic below.
Courtesy of Avanan
The Federal Reserve Bank announced today that it is developing a new service called FedNow that will allow all banks in the United States to offer 24/7 real-time payment services every day of the week. FedNow is expected to be available by 2023 or 2024 and will initially support transfers of up to $25,000.
FedNow will make managing budgets easier for many people and small businesses, but it also puts the Fed at loggerheads with big banks since a federal real-time payments system would compete with the one being developed by the Clearing House, which is owned by some of the world’s largest banks, including Capital One, Citibank, Wells Fargo, Bank of America, JP Morgan Chase and Deutsche Bank.
The Federal Reserve’s board of governors voted 4-1 to approve the proposal for FedNow on August 2, with its of vice chair for supervision, Randal Quarles, casting the dissenting vote.
While Venmo, Zelle and other apps already allow users to transfer money instantly to one another, the Federal Reserve Bank described services like those as a “closed loop” because both parties need to be on the same platform in order to transfer money and they can only be linked to accounts from certain banks. On the other hand, FedNow will be a universal infrastructure, enabling all banks, including smaller ones, to provide real-time payments.
Furthermore, the traditional retail payment methods used for transferring funds not only creates frustrating delays, but can “result in a build-up of financial obligations between banks which, as faster payment usage grows, could present risks to the financial system, especially in times of stress,” the Federal Reserve Board said.
In a FAQ, the Federal Reserve Board explained that “there is a broad consensus within the U.S. payment community and among other stakeholders” that real-time payment services can have a “significant and positive impact on individuals and businesses throughout the country and on the broader U.S. economy.”
For example, real-time payments mean people living on tight budgets will have to rely less on costly check-cashing services and high-interest loans and will incur less overdraft and late fees. Small businesses will also benefit because they can avoid short-term loans with high-interest rates.
The proposal has gained the support of Google’s head of payments, Caesar Sengupta, and Democratic lawmakers including U.S. Senators Elizabeth Warren and Chris Van Hollen and Representatives Ayanna Pressley and Jesús García.
Great to see today’s news on a real-time payments system in the US! We @Google welcome the Fed’s leadership here. This is a good step toward more economic opportunity and financial inclusion for everyone. https://t.co/Slb3jxFeTF
— Caesar Sengupta (@caesars) August 6, 2019
In a statement, Warren, who is campaigning for the Democratic presidential nomination, said “I’m glad the Fed has finally taken action to ensure that people living paycheck-to-paycheck don’t have to wait up to five days for a check to clear so that they can pay their rent, cover child care, or pick up groceries. Today’s Fed action will also help small businesses by making payments from customers available more quickly. I look forward to working with the Fed to ensure a swift and smooth implementation of this system.”
Comments about FedNow will be accepted for 90 days after the proposal is published in the Federal Register.
“One more thing – Manson is small. Like, really small. Try not to stare.”
The second season of Netflix’s Mindhunter sees the pioneering murder investigators Holden Ford (Jonathan Groff) and Bill Tench (Holt McCallany) meeting the 5’2″ Charles Manson (as played by Damon Herriman for the second time after his appearance in Once Upon A Time In Hollywood).
The new season tackles the infamous child murders in Atlanta between 1979 and 1981, as well as the Son of Sam killer and the return of Cameron Britton’s horribly magnetic murderer Ed Kemper.
It’s also a mini Fringe reunion, with Michael Cerveris joining the cast, as the new chief of Ford and Tench’s serial killer unit, alongside his former co-star Anna Torv. Read more…