
Beware Valentine's Day Phishing Attacks.
C Henry
With Valentine's Day around the corner, cybercriminals are ramping up spam and phishing attacks targeting this lovers' holiday.
A Business Email Compromise (BEC) is one of the most effective threats for attackers. It gives them the ability to send fraudulent emails under a legitimate email account. Usually, email accounts are associated with network credentials, so having an email account from a targeted user also gives attackers privileges to corporate data. Attackers can also eavesdrop on messages and steal data without detection. All these reasons and more are why a Managed Service Provider (MSP) should make email cybersecurity their top priority for their customers.
The Federal Bureau of Investigation (FBI) releases a report every year highlighting the significance of internet crime. The report estimates that internet crime cost $6.9 billion in 2021, with BEC accounting for a large chunk of that cost, estimated at $1.77 billion. Over a period of five years, the dollar loss comes to $43 billion, counting the initial damage as well as persistent litigation and associated aftermath costs.
Phishing is a major concern, and the number of phishing campaigns continues to rise. However, researchers noticed an increase in fake invoices sent to targeted users to convince employees to send money to an attacker. In some similar attacks, the fraudulent invoices incorporate social engineering or emails claiming to be a corporate accountant or executive urging the targeted employee to pay the bill.
Wire transfers are the most common payment method, because it’s difficult for victims to get their money back. Gift cards are still popular, because these cards do not have chargeback capabilities like a typical credit card. Any irreversible method continues to be the most common strategy in BEC attacks.
Every year, malware authors change their code to bypass current cybersecurity defenses, but one thing never changes – phishing emails are an effective way to initiate a credential theft campaign. Employees continue to be the biggest vulnerability and threat to data. In a phishing campaign aimed at 100 employees, only one employee needs to fall victim to it. Once an employee divulges their credentials, data is at risk. At worst, an attacker gains access to network resources and installs backdoors and malware.
Training employees to notice the warning signs of a phishing campaign is a proven way to stop them from becoming the next victims. Simulated training is best, so MSPs should work with applications and vendors that perform attacks in the same way as a real-world campaign. Any URLs can point to a web page where an MSP can gather statistics to identify which employees clicked the link and identify any employees who entered their credentials. This practice helps improve education so that training can be directed at the biggest human errors.
Most BEC attacks start with a phishing email. Training helps and reduces risk, but an even better way to stop phishing is with effective email filters that identify suspicious messages and block them from reaching the intended recipient. MSP administrators can still see messages to identify any false positives, but messages will not reach the targeted victim’s inbox.
Email cybersecurity using artificial intelligence is a much better system. Instead of searching for specific words or images, cybersecurity systems that use artificial intelligence to analyze message patterns and sender data will catch phishing emails designed to bypass simple filters. As more emails are made available to the artificial intelligence system, security becomes more effective, especially against zero-day threats.
By combining email cybersecurity and training, an MSP can greatly reduce the risk of an email compromise on their customer’s network. Using cloud-based email security, an MSP can more rapidly deploy email security, and it gives an MSP a centralized way to configure and manage all customers under one dashboard.
Setting up email cybersecurity and filters shouldn’t be the only protection, but it’s a primary means of stopping attackers from successfully obtaining corporate credentials. Monitoring should also be in place so that any credential theft is caught early before attackers can perform any other malicious activity.
A few other ways MSPs can help their clients avoid becoming a victim:
Every organization must demonstrate that a chosen security measure is working. A behavior-driven security awareness training program must be able to provide metrics that demonstrate improvement in security behavior. SafeTitan provides enterprise-level reports that are easy to understand and that give an at-a-glance view of the awareness training program’s success.
If you’re ready to maximize your ability to secure your business and employees to minimize security incidents and related costs then take a closer look at SafeTitan. Book a free SafeTitan Security Awareness Training demonstration with an expert today.