Phishing attacks may seem innocuous to most people familiar with the Nigerian prince scam email, but they can be used to deadly effect.
A cyber-criminal gang stole $25.7 million (around £17.8 million) from Russian banks in 13 attacks which were conducted between August 2015 and February 2016. Buhtrap, the gang that stole the money, used spear phishing emails to send infected attachments to their targets. Once opened, these attachments downloaded malware that created fraudulent transfer orders with instructions to send money to accounts controlled by the criminals.
Russian security firm Group-IB discovered the attacks and brought to light the lack of awareness amongst organisations of the dangers of spear phishing.
Spear phishing, a type of targeted phishing attack usually consists of an email originating from a person or organisation that you already know. This is a cleverly disguised ruse by hackers to ask you for information or to get you to do something. Banks aren’t the only institutions that are susceptible to phishing attacks. Phishing should be taken seriously by all organisations as a major threat. A lack of security awareness or training may put your entire corporate network at risk. If an employee mistakenly opens a phishing email, they could inadvertently allow in ransomware, viruses and other unwanted nuisances.
If you’re concerned about your organisation’s threat profile or just want to know more, please feel free to contact me at firstname.lastname@example.org or on 0208 584 1400.