You don’t need to be a genius hacker to make an effective phishing campaign.
It takes about 5 minutes to produce a phishing email that appears to be sent from a governmental institution of your choice or a private corporation trusted by the recipient.
In this video, you’ll see for yourself how easy it is to give an impression of sending emails from addresses such as email@example.com (CEO of Samsung), firstname.lastname@example.org (CEO of LEGO) or maybe email@example.com.
Yes, it’s that easy to gain a smooth starting point while trying to lure credit card information or other sensitive data from people on your list of email addresses.
See how it is done in this video
97% do not spot phishing emails
Look at the spam emails you have already identified as phishing attempts – aren’t they amusing and amateurishly made? ‘Hackers’ who send emails such as firstname.lastname@example.org where the domain is misspelt, which is meant to be overlooked by the recipient, don’t really know what they’re doing.
In mere minutes, phishing can be done much more authentically.
Imagine then that a real hacker sits down to make a concentrated effort to cheat you via a phishing campaign. You almost need to be a professional yourself to find out that there is something terribly wrong. This is consistent with figures given by the security department of US tech giant Intel, namely, that 97% of those who receive phishing emails never find out that someone is trying to hack them.
Phishing: Many, many more attacks!
According to PhishMe’s Enterprise Phishing Resilience and Defense Report, phishing attempts have grown by 65% within the last year.
According to the Wombat Security State of the Phish, 76% of respondents from England and the United States reported that they were in one way or another exposed to a phishing attack within the last year.
According to the Verizon Data Breach Investigations Report, 30% of recipients open phishing messages, while 12% click on the malicious links or attachments.
According to the SANS Institute, 95% of all business network attacks are the result of successful phishing.
According to Symantec, the number of phishing attacks has generally increased for all sizes of companies and in all industries – no type of business is immune.
According to the Webroot Threat Report, nearly 1.5 million new phishing websites are created every month.
Successful phishing attacks cost $1.6 million on average
$1.6 million is the average cost that a medium-sized company pays for a phishing attack that ends up being a success.
For companies from the US, the price is $1.8 million.
However, the high direct financial loss is only part of the story. Damages include a decline in stock prices. Among other negative effects, respondents experience loss of reputation and even of customers, notes the report, which is authored by Cloudmark Security.
Studies by Deloitte and Aviva support the numbers
According to Deloitte, one-third of the customers, when asked in their 2015 investigation, said that they would stop buying from a company if the company had experienced a breach of cyber security – even if the customer had not suffered a significant loss.
If your company is under attack from a hacker, 60% of customers will consider leaving you and 30% will actually do so, says a somewhat similar study from Aviva.
Digital signature: A shield against phishing
You protect yourself against phishing by educating your coworkers to take precautions. Talk to your colleagues. Show them what they need to pay attention to. Teach them to spot malicious emails and the websites those emails link to.
DMARC is a technical solution that can help you prevent this kind of spear phishing. You can dodge distrust from worried mail recipients altogether by deploying a digital signature.
That way, recipients of your emails can be sure that any given email is sent from you and only you – or from your department or company, depending on how and to whom the signature is issued.
To get a digital signature, you must be validated, to a varying extent, as a person, employee, department and/or company.
The validation process and the S/MIME technology used with a digital signature guard you against identity theft: when customers, users, coworkers or other stakeholders receive emails from you, they can immediately check your true identity simply by inspecting your digital signature. This will only take a few clicks.
A digital signature can be used for emails you send on behalf of yourself as a person, on behalf of a department in your company, or on behalf of the company as a whole.
The best solution for you depends entirely on your needs.
Remember that the S/MIME certificate you buy at TRUSTZONE also enables you to encrypt your emails. In addition, it lets you sign your Microsoft Office documents.