Here are a few statistics to know:
- A 2016 study from security service provider Wombat Security revealed 85% of companies were targeted by a phishing attack in 2015, while 67% identified a spear phishing attack, which is a more targeted form of phishing.
- Citing data from research firm the Ponemon Institute, Wombat Security points out that the average financial damage to an organization victimized by a phishing attack was more than $3.7 million in 2015.
- The company explains that between Oct. 2015 and Mar. 2016, the number of phishing websites grew by 250%.
The VPN Guru, a blog devoted to information technology management, states that typos, grammatical errors, incorrect URLs and demands for personal information are all common indications that an email is a phishing attempt. The news provider explains that the extravagant offers and attachments containing the extensions .BAT, .MSSI and .EXE should be treated cautiously at all times.
These types of signs should be known by all consumers and professionals for purposes of prevention. An errant click on a malicious link or attachment or the entry of personal information can be financially devastating for both households and businesses. Reputable companies will rarely ask for personal information in an email, so individuals should never put that type of data into a response through this medium.
Like so many other types of IT security threats today, prevention is key and business leaders need to take the reins to ensure that their staff is being properly instructed in safe internet and email use.
Awareness and training
Businesses can ─ and should ─ leverage anti-malware security software to defend against the dangerous aspects of spam and phishing emails. Security software will only protect against malicious code, meaning that users might still give up personal information that can lead to a larger data breach. As such, security awareness and training need to be high priorities for all organizations today.
Phish Labs, a provider of security training and education services, states that user behaviors tend to be the riskiest factors of all and those who are not aware of phishing threats will be likely to hinder their companies' protective frameworks. To combat this, the firm suggests focusing on long-term training that starts early on in an employee's career and continues to teach each individual more as threats evolve.