Phishing — Don’t Be Caught in Criminals’ Nets!

Phishing, a cybercrime that combines social engineering (tricking unwitting computer or mobile users into exposing themselves to an attack) with technology-based deception to steal sensitive personal and financial information, is on a meteoric rise. Email has always been a primary attack vector, and the situation is getting worse. So bad has it become that one in every 99 emails is now fake.
Furthermore, in July 2021 alone, there were more than 260,000 phishing attacks — one of the highest monthly totals in the reporting history of the Anti-Phishing Working Group, a consortium of experts that measures the evolution, proliferation, and propagation of identity theft methods.
For business leaders, staying on top of phishing “tricks” is difficult. In some cases, attacks are spoofed (made to seem as though they come from a company employee). In others, they are brand impersonation attempts (made to appear to be offers from the brand itself). Exacerbating the problem, “smishing” attacks — phishing perpetrated via scam text messages — are on the rise, as well. Through September 2021, they had risen dramatically, up approximately 50% in the U.S. and a whopping 700% in the UK.
Phishing, the Dark Web, and What You Can Do

Exacerbating the problem, phishing plays into the Dark Web, as well. This hidden portion of the Internet, where criminals buy, sell and trade a number of illegal items, is where a lot of sensitive personal and corporate information ends up. The sheer scope of the illicit database is mind-boggling. (Want to learn a little more about the Dark Web? Click here to read our earlier article in this series.)
Although no one has performed an exact tally, breach exposure data allows experts to make a pretty close estimate. As of early 2021, nearly 26 million Fortune 1000 business accounts and 543 million employee credentials were circulating on hacking forums. It’s highly likely that most, if not all, of those were either procured on the Dark Web or placed there by criminals as part of their “share one, share all” posture.

Unfortunately, taking phished credentials out of circulation is impossible. Once they are on the Dark Web, they circulate quickly. What we CAN do is take all precautions possible. One that we consider mission critical is employee training. Carmichael Consulting Solutions offers solutions from BullPhish ID, the world’s leading phishing simulation platform.
BullPhish ID is much more than a simulator. It incorporates security awareness training that empowers personnel to spot and stop phishing threats. Including more than 80 phishing kits and 50 security video campaigns, BullPhish ID enables training campaigns and reporting to be automated so your firm can achieve stress-free, consistent training that gets results. It even includes monthly phishing kits and videos that reflect the most current threat landscape so your employees can be on the lookout for trouble. When our clients implement BullPhish ID, our experts set everything up, including getting personnel started on the training programs. We would be happy to implement this best-practices phishing platform for your firm. To learn more or get started, click here or call 678-719-9671 (choose Option 2).