Jan 23 – Email enables us to coordinate, project manage, ensure continuous productivity, deliver positive customer experiences and to grow initiatives quickly, among other things. It’s arguably one of our most valuable tools in the modern workplace. That’s also why email-based phishing attacks are extremely dangerous.
Despite awareness training, employees are still human and still fall for basic phishing scams. There's a reason why cyber criminals continue to send out millions of phishing emails: enough of them work.
- Email-based phishing is the catalyst for 90% of ransomware attacks.
- Up to 5 million new phishing websites are created on a monthly basis.
- In the fourth quarter of 2022, the most impersonated brand within phishing campaigns was Yahoo.
- The brands most likely to be imitated within phishing campaigns include Yahoo, DHL, Microsoft, Google, LinkedIn, WeTransfer, Netflix, FedEx, HSBC and WhatsApp.
The most common subject lines used in phishing emails during the last year were related to IT software updates, messages from HR about performance, and messages claiming a supervisor has sent a link to a new meeting.
While phishing attacks may never be stopped in their entirety, there are established practices that organizations can follow to reduce how many phishing emails reach employees and how much damage the ones that do can cause.
1. Email security. Organizations need to implement email security solutions that layer easily into the existing security stack and that can detect the most sophisticated attacks. This type of software is designed to stop malicious emails before they reach end users' inboxes. In addition, consider a solution that provides sandboxing: suspicious attachments and URLs are opened in an isolated environment and the message is held back until that analysis shows it to be safe.
2. Stop spam. More than 5 billion spam messages make their way around the world every day, representing roughly 45% of all email. As these messages can carry malicious links, limit the volume of spam that reaches your employees. There is no silver bullet for stopping spam, but anti-spam technologies that analyze known and emerging distribution patterns (sender reputation, bulk-sending behavior, recurring templates) can block a large share of it before delivery.
3. Security policies. Business Email Compromise (BEC) is a tactic commonly used by cyber criminals. It involves impersonating an organization's CEO, CFO, CTO or another trusted individual. Posing as the senior employee, the BEC scammer makes believable requests to other employees, asking them to transfer funds, change billing or payroll details, and so on.
Sidestep BEC scams by requiring more than one person to approve sensitive requests. In small to mid-sized companies, the approval process is often concentrated in a handful of people, and few others are authorized to give the green light for projects, payments and account changes. If at least two individuals must approve a transfer or a change of banking details, and any such request received by email is confirmed with the requester through a known phone number or in person rather than by replying to the message, a BEC attempt becomes far easier to spot.
4. Endpoint security. In addition to email security, endpoint security provides a second layer: it scans attachments and downloaded files on the device, and can block a malicious link or payload that slipped past the mail gateway.
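The brand impersonation described above (a display name such as "DHL Express" on a message sent from a domain the brand does not use) is one of the cheapest checks an email security layer can run before a message reaches the inbox. The following Python is an added example, not CyberTalk.org's or Check Point's code: it decodes the From: header, looks for one of the brands listed earlier in the display name, and flags the message when the sender domain is not under a domain that brand sends from. The brand-to-domain map and the sample messages are constructed for illustration and are not authoritative sender lists.

```python
"""Display-name brand impersonation check (added example, not vendor code).

Given a raw RFC 5322 message, decode the From: display name, see whether it
claims one of the commonly impersonated brands, and flag the message when the
sending domain is not under a domain that brand actually sends from.
"""
import email
from email.header import decode_header, make_header
from email.utils import parseaddr

# ASSUMPTION: illustrative legitimate sending domains per brand. A real
# deployment would maintain this list from the brands' published sending
# domains rather than hard-code it.
BRAND_DOMAINS = {
    "yahoo": ("yahoo.com", "yahooinc.com"),
    "dhl": ("dhl.com",),
    "microsoft": ("microsoft.com",),
    "google": ("google.com",),
    "linkedin": ("linkedin.com",),
    "wetransfer": ("wetransfer.com",),
    "netflix": ("netflix.com",),
    "fedex": ("fedex.com",),
    "hsbc": ("hsbc.com",),
    "whatsapp": ("whatsapp.com",),
}

# Constructed sample messages (not real traffic).
SAMPLES = {
    "legit_dhl": "From: DHL Express <noreply@dhl.com>\nSubject: Your parcel\n\nbody\n",
    "spoofed_dhl": "From: DHL Express <track-parcel@dhl-notify.example>\nSubject: Delivery failed\n\nbody\n",
    # Lookalike: the brand domain appears as a prefix of an attacker-controlled domain.
    "lookalike_dhl": "From: DHL <track@dhl.com.parcel-status.example>\nSubject: Customs fee\n\nbody\n",
    # RFC 2047 encoded display name ("Microsoft 365") that naive raw-header matching would miss.
    "encoded_microsoft": "From: =?UTF-8?B?TWljcm9zb2Z0IDM2NQ==?= <security@outlook-verify.example>\nSubject: Password expiry\n\nbody\n",
    "no_brand": "From: Alice <alice@example.org>\nSubject: Lunch\n\nbody\n",
}


def decode_display_name(raw_name):
    """Decode RFC 2047 encoded-words (e.g. =?UTF-8?B?...?=) in a display name.
    Attackers encode display names so substring matching on the raw header fails."""
    if not raw_name:
        return ""
    return str(make_header(decode_header(raw_name)))


def domain_is_under(domain, allowed):
    """True if domain equals, or is a subdomain of, one of the allowed domains.
    'mail.dhl.com' is under 'dhl.com'; 'dhl.com.evil.example' is not."""
    domain = domain.lower()
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def claimed_brand(display_name):
    """Return the first listed brand whose name appears in the display name, else None."""
    lowered = display_name.lower()
    for brand in BRAND_DOMAINS:
        if brand in lowered:
            return brand
    return None


def check_from_header(raw_message):
    """Parse From: and report whether it looks like display-name brand impersonation."""
    msg = email.message_from_string(raw_message)
    raw_name, address = parseaddr(msg.get("From", ""))
    name = decode_display_name(raw_name)
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    brand = claimed_brand(name)
    suspicious = brand is not None and not domain_is_under(domain, BRAND_DOMAINS[brand])
    return {"display_name": name, "domain": domain, "brand": brand, "suspicious": suspicious}


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_from_header(raw))
```

This check complements, rather than replaces, SPF/DKIM/DMARC: a scammer can send from a domain they own and authenticate perfectly while still displaying a brand name, which is exactly the case the display-name comparison catches. Substring matching on brand names is deliberately coarse and will need an allow-list for legitimate third parties (a freight forwarder mentioning DHL in its own display name, for example).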
For more phishing prevention insights, please see CyberTalk.org’s past coverage. If your organization needs to revise or upgrade its security strategy, be sure to attend Check Point’s upcoming CPX 360 event. Register here.
Lastly, to receive cutting-edge cyber security news, best practices and resources in your inbox each week, please sign up for the CyberTalk.org newsletter.