Here are five examples of phishing attacks that targeted small firms in 2017 and the kind of attack that businesses need to be looking out for.
The ‘Shipping Information’ Phishing Scam
A new category of phishing scams was unveiled in 2017, designed specifically for small businesses. A phishing email was sent to over 3,000 businesses with a subject line that read ‘Shipping Information. The body of the email described a future delivery from United Parcel Service (UPS), which included an innocent-looking tracking link. When the recipient opened the link, however, they left themselves vulnerable to malware and potentially letting loose a virus into their system.
Business Email Compromise (BEC)
The attack from the BEC, based in Nigeria, hit more than 50 countries and targetted over 500 businesses, mainly industrial firms. Recipients of the email were asked to download a malicious file. Once the file was downloaded, the malware was free to make its way around business networks and data.
IRS W2 Tax Season Spear-Phishing Scam
A spear-phishing email circulated at the start of last year’s U.S. tax season. A number of fake emails were sent out in the W-2 Phishing Scam. The emails appeared to come from corporate executives and asked employees to submit personal details for tax and compliance purposes. A spear-phishing email is a seemingly innocent email sent to an individual, prompting them to click on a link, after which they’re then asked to enter sensitive data, such as financial details. Details in this can then be used to impersonate the victim when making online transactions.
Google Docs Hack
In May last year, over three million workers all over the world had to stop working after a fraudulent email was sent via Google Docs that invited recipients to edit documents. Once an invitation was opened, it took the user to a third-party app that allowed cybercriminals to access their Gmail account.
Phishing Attack on Chipotle
Earlier this year, a team of cybercriminals in Eastern Europe sent malware-laden emails to workers of fast-food chain Chipotle. When any of the staff clicked on the email, they inadvertently gave the hackers access to POS systems in numerous Chipotle branches. The cybercriminals were then able to acquire the credit card details of millions of Chipotle customers. The consequences for any business that ignores the risks involved with a phishing attack can be fatal. It’s within the interest of every company to implement security measures that have been proven to work. Rather than only taking action after the event, these businesses need to establish a policy around security that becomes a part of their company culture. One significant part of this policy should be additional caution when opening emails from unknown email addresses and avoiding opening them, or certainly avoid clicking on any links they’re unsure of.