“We urgently need you to click on this very trustworthy link and change your PIN code. Please confirm your ID information and change your PIN as soon as possible in order to protect your bank account from being temporarily suspended.”
We’re willing to bet that everyone that has any sort of presence on the internet has received an email or text message with a similar request, probably more than once. It may have come from your bank, your mobile phone operator, or even from other random places that couldn’t possibly believe you would actually click on that phishing link.
You’ve very likely also gotten messages from your actual bank (phone operator, etc.) warning you against these exact messages. Why?
What is phishing?
Phishing is a cybercrime in which an individual is contacted by a cyber-criminal (typically by email) with the intent to steal sensitive information about that individual or their organization. Information that is in high demand includes passwords, credit card information, and personal identification details.
For organizations, phishing is dangerous because it is often used on an individual employee as a precursor to infiltrating the organization.
The goal? Financial gain for the attacker.
The common ways that phishing emails get their victims’ information are:
- getting the victim to click on a link where the victim enters their information, or
- getting the victim to open an attachment that then installs ransomware, malware, or another type of virus on the victim’s computer.
Keep in mind that the links in these emails often look like the real thing and can be sent from spoofed email addresses that don’t raise any suspicion. An unnoticed spelling switch or an email from a “new colleague” within the organization is sometimes all the attacker needs to fly under the radar and receive valuable information.
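The “unnoticed spelling switch” described above is something a mail gateway or DLP agent can check for mechanically. The following is an added example, not Safetica’s code or code from the original article: it flags a sender whose domain is one character away from a trusted domain, reuses a trusted brand as a label inside a longer domain, or claims a trusted brand in the display name while coming from somewhere else. The trusted domains and the sample senders are constructed for the illustration.

```python
"""Added example (not Safetica's code): a mail-gateway style check for sender
addresses that imitate a trusted domain. Trusted domains and the sample
messages are constructed for this illustration."""

TRUSTED_DOMAINS = {"examplebank.com", "acme-corp.com"}   # constructed allow-list


def edit_distance(a, b):
    """Levenshtein distance via the classic dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,              # deletion
                           cur[j - 1] + 1,           # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def sender_flags(from_addr, display_name="", trusted=TRUSTED_DOMAINS):
    """Return a list of reasons this sender looks like an imitation, or []."""
    domain = from_addr.rsplit("@", 1)[-1].lower()
    if domain in trusted:
        return []                       # exact match: nothing to flag here
    labels = domain.split(".")
    compact_name = display_name.lower().replace(" ", "")
    flags = []
    for t in sorted(trusted):           # sorted so the output order is stable
        brand = t.split(".")[0]
        # 1. one-character typo of a trusted domain (examp1ebank.com)
        if edit_distance(domain, t) == 1:
            flags.append(f"lookalike of {t}")
        # 2. trusted brand used as a label inside a longer domain
        #    (acme-corp.com.example.net)
        if brand in labels:
            flags.append(f"brand label of {t} in domain")
        # 3. display name claims the brand while the domain does not match
        if brand in compact_name:
            flags.append(f"display name references {t}")
    return flags


if __name__ == "__main__":
    # Constructed sample senders
    for addr, name in [("alerts@examplebank.com", "Example Bank"),
                       ("alerts@examp1ebank.com", "Example Bank"),
                       ("it-helpdesk@acme-corp.com.example.net", "IT Helpdesk"),
                       ("someone@gmail.com", "Example Bank Support")]:
        print(addr, name, "->", sender_flags(addr, name))
```

An edit distance of one is a deliberately coarse heuristic; in practice such a check sits alongside SPF, DKIM and DMARC validation and an allow-list of known partners, and its output is a flag for review or a warning banner rather than an automatic block.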
Types of phishing at a glance:
- Smishing: A text message-based phishing attack
- Vishing: Phishing via phone (“voice phishing”)
- Spear phishing: A targeted email phishing scheme
- Whaling: A phishing attack aimed at senior executives of an organization
- Angler phishing: Phishing using social media
When targeting an organization, cyber-criminals put in the work before going for a bigger data breach: they research a specific person first. This is called spear phishing. Their goal is to gather enough information beforehand that the phishing email can be tailored to that individual, raising little to no eyebrows and making it harder to detect.
Another sophisticated type of phishing that relies on extensive prior research is Business Email Compromise (BEC). This type of attack focuses on employees who have access to an organization’s accounts; the attackers pose as a business partner or vendor of the target organization to request payments or fund transfers.
BEC, whaling, and spear phishing attacks will often target an individual in an organization by posing as a member of management, HR, or other senior role within that person’s organization – nobody’s going to say no to the boss!
The email’s wording will be urgent, and the attackers use information they have found on the internet (social media, press releases, etc.) to sound like they know the individual and their organization.
Or they will first phish for information that they can then use to hack the employee’s actual email account and then use this email address to request payments from the organization’s existing partners, get them to pay an overdue invoice, or whatever other action nobody would cast doubt on.
How DLP protects your organization against phishing
“If you snooze you lose” couldn’t be more on point when it comes to data loss prevention (DLP).
According to one report (Verizon Data Breach Investigation Report 2021), phishing is one of the top data breach originators, with losses in 2020 estimated at USD 1.8 billion.
What’s extra frustrating is that almost everyone knows about phishing and has been warned against it, but somehow there are still thousands of organizations and individuals that fall victim to it every year.
That’s because, like other types of cyber-attacks, they are always evolving, getting better, smarter, and sneakier. Sensitive data will always be highly sought after by criminals, and organizations, in particular, need to stay one step ahead of the bad guys at all times to protect themselves and their customers.
Putting in place a data loss prevention solution should be a priority in every organization, no matter the industry. It will help to establish and maintain an effective information security management system (ISMS).
80% of companies suffer data loss through employee error or malicious acts such as phishing.
An ISMS is a set of concrete policies whose main objective is to protect a company’s (and the company’s clients’) data, reduce the risk of data breaches and cyber-attacks, and prescribe controls that could mitigate the damage if a breach does occur.
Your organization’s DLP solution can include everything from risk gap analysis and insider threat analysis to awareness training for employees and defining procedures and best practices when it comes to handling data within the organization.
That way, everyone in the organization will know (and is often reminded) how to deal with potentially harmful emails and will keep an eye out for anything suspicious. And if a phishing attempt does happen, there will already be a process set up for what should happen next to minimize damage.
How Safetica’s DLP solutions help
Let’s imagine that your employee falls for a phishing campaign. The hackers gain access to your company’s files and remain hidden because they are acting under that employee’s credentials. The hackers are able to download your sensitive data and do whatever they want with it.
Safetica constantly monitors user behavior and can spot any anomalies. If an employee suddenly starts downloading a large amount of data, or starts working during unusual hours, the solution would immediately notify you or block such activity entirely. It is up to you how DLP policies are set.
Either way, you will be notified of such a data breach in real time. Without a DLP solution, it usually takes on average 85 days to contain an insider threat incident (Ponemon).
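The two anomalies named above, a sudden surge in downloaded data and activity at unusual hours, are simple enough to show as detection logic. The following is an added example, not Safetica’s product code: it runs two checks over a constructed log of endpoint file-transfer events, comparing each user’s daily download total against that user’s own median day and flagging downloads outside an assumed business-hours window. The event format, the thresholds and the sample log are all constructed for this illustration.

```python
"""Added example (not Safetica's code): two behavioral checks a DLP engine
might run over endpoint file-transfer events. Event format, thresholds and
the sample log are all constructed for this illustration."""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample events: "timestamp,user,action,bytes"
SAMPLE_LOG = """\
2021-06-01T09:12:00,alice,download,1200000
2021-06-01T14:40:00,alice,download,800000
2021-06-02T10:05:00,alice,download,1500000
2021-06-03T11:30:00,alice,download,900000
2021-06-04T09:50:00,alice,download,1100000
2021-06-07T02:17:00,alice,download,45000000
2021-06-07T02:31:00,alice,download,60000000
2021-06-01T09:00:00,bob,download,2000000
2021-06-02T09:30:00,bob,download,2500000
2021-06-07T10:00:00,bob,download,2200000
"""

WORK_HOURS = range(7, 20)   # assumed business hours: 07:00 to 19:59 local time
VOLUME_FACTOR = 10          # assumed: alert when a day exceeds 10x the user's median day
MIN_BASELINE_DAYS = 3       # assumed: need this many other days before judging a spike


def parse_events(text):
    """Turn the CSV-style log into (timestamp, user, action, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, nbytes = line.split(",")
        events.append((datetime.fromisoformat(ts), user, action, int(nbytes)))
    return events


def daily_volumes(events):
    """Sum downloaded bytes per (user, calendar day)."""
    per_day = defaultdict(int)
    for ts, user, action, nbytes in events:
        if action == "download":
            per_day[(user, ts.date())] += nbytes
    return per_day


def detect_anomalies(events, work_hours=WORK_HOURS, factor=VOLUME_FACTOR):
    """Return sorted, de-duplicated (kind, user, day) alerts."""
    alerts = set()
    # Check 1: any download outside the configured working-hours window
    for ts, user, action, nbytes in events:
        if action == "download" and ts.hour not in work_hours:
            alerts.add(("off_hours", user, ts.date().isoformat()))
    # Check 2: a day's total far above that user's own typical day
    by_user = defaultdict(dict)
    for (user, day), total in daily_volumes(events).items():
        by_user[user][day] = total
    for user, days in by_user.items():
        for day, total in days.items():
            others = [v for d, v in days.items() if d != day]
            if len(others) < MIN_BASELINE_DAYS:
                continue            # too little history to call anything a spike
            if total > factor * median(others):
                alerts.add(("volume_spike", user, day.isoformat()))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect_anomalies(parse_events(SAMPLE_LOG)):
        print(alert)
```

Using each user’s own median rather than a fixed byte limit is what keeps the check from flagging people whose normal workload is simply larger, and requiring a minimum number of baseline days avoids alerting on a new starter’s first week. Whether a hit only notifies an administrator or also blocks the transfer is, as the article says, a policy decision.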
We know that people make mistakes. When they are tired or overloaded, they can fall for a phishing campaign without even thinking about the consequences. Therefore, Safetica protects not only your data and business, but your employees as well.