Anyone working in the financial or IT sectors beware: phishing attacks are targeting you.
According to Kaspersky Lab’s report Spam and Phishing in Q2 2018, phishing attempts appear to be well and truly here to stay, and the financial sector is particularly under fire, with over a third of phishing attempts (35.7%) in that industry. The IT sector comes second with just under 14% of phishing attacks impacting the industry.
With the finance industry in particular being targeted, there is clearly a need for businesses and consumers to protect their data while carrying out online banking. Interestingly, the rise of cryptocurrency has additionally caught scammers' eyes as they have tried to entice users into transferring cryptocurrency funds and also try to trick investors into placing funds into cybercriminals’ accounts.
The main advice to avoid phishing is to always check the link address and sender email address before clicking on any link sent to you in an email. You should also make sure of using secure HTTPS connections and, of course, never share any personal passwords or data. Businesses should additionally put in place an effective system of employee training to stop people from clicking on the wrong links in the first place. TMB’s own phishing simulations, for example, can help to test users with a campaign of realistic and completely safe simulated phishing emails. There are also various anti-phishing software solutions, starting with a good firewall, that can be installed in a company’s network to make sure your business stays safe.
A separate report from network security company RSA has also pointed out the dangers of phishing, stating that fraud in the second quarter of the year increased by a third compared with the previous quarter, with over 40% of all fraud activity in the second quarter accounted for by phishing.
Why does phishing remain such a popular method of attack? That’s most likely down to the fact that it remains a genuinely effective means of getting the job done, speaking to that part of human nature which wishes to engage with others.
RSA’s report also points out a rising area of fraud growth: mobile apps. According to RSA, over 70% of total fraud transactions in the second quarter came from mobile browsers and applications, and rogue mobile apps - fake apps made to look like they are legitimate and, importantly, can be trusted - are on the rise. During the second quarter, over 9,000 apps were identified by RSA as being rogue ones, which is a truly worrying figure.
Rogue apps, which accounted for 28% of all fraud attacks, are of particular fresh concern for businesses as they are similar to phishing in that the ultimate aim is to trick the user into thinking that they are using a genuine, approved app. Bear in mind that among these rogue apps are rogue mobile banking apps, and you get a sense of the potential fund-draining problems that could be at stake here.
A high proportion of fraudulent transactions are also taking place from new devices and new accounts, which points to the use of stolen identities and ‘burner phones’, which is making it harder and harder to detect hackers at work.
The prevalence and rise of phishing and rogue apps would point to a need for those in business to pay more attention to online identities before engaging. This is becoming an increasing issue with the rise of 'human-not-present' transactions and automation, which provide more challenges for business when it comes to authentication.
More than ever, businesses must take care when navigating the online space. One of the best places to start with that is by looking at TMB’s cyber security solutions.