Our partner Agari, a leading cybersecurity firm, recently discussed in a blog post the rise of highly targeted email attacks – known as spear phishing or business email compromise. The post highlighted the scale of the threat phishing poses to organizations across all industries and what these companies should be doing today to prevent future attacks.
So what is spear phishing and how can you avoid it? Below is a great primer on the topic:
What is “Spear Phishing”?
Spear phishing is when savvy cyber criminals, using information readily available online (i.e. names, titles, email addresses), are able to create carefully engineered emails that successfully trick users into handing over confidential information such as banking credentials or making fraudulent payments.
A growing problem
According to Agari, spear phishing has become one of the most worrying developments in cyber-attacks over the last year. A recent FBI investigation confirmed that this type of crime is on the rise and that 7,000 companies have had their business email compromised by successful spear phishing attacks within the last three years.
Top targets by sector
Investigations by Trend Micro have shown that the government sector and activist groups are the most targeted sectors of advanced persistent threats (APT) related spear phishing attacks.
Avenues of attack
The dominance of email within businesses means that it continues to be the main distribution channel for distributing spear-phishing attacks. According to Trend Micro, 91% of targeted attacks involve spear phishing emails.
The cost and impact
While estimates about the cost of spear phishing attacks vary, experts agree that it’s now in the billions. The FBI claims that the loss from business email compromise has now reached over $2 billion within the last two years. In total, there have been 12,000 victims globally that have experienced an average loss of $120,000 each.
Wondering if email phishing is affecting you and your customers? Contact us today!
What’s the solution?
Given the scale of the problem, it’s no surprise that organizations rank preventing targeted email attacks, data breaches, and financial loss as their biggest priorities for 2016. More must be done to restore trust to the email ecosystem and prevent fraudulent emails from even making it into the inbox.
That’s why in 2014 Inbox Marketer partnered with Agari for their anti-phishing and email security technology. Agari works with global brands to provide the tools and analytics they need to eliminate email threats, protect customers and their personal data, and proactively guard brand reputation.
“We didn’t expect to have so many servers phishing from our domains,” says Matthew Vernhout, Chief Privacy Officer & Manager, Deliverability at Inbox Marketer. “We aren’t in a field like financial services that experience these kinds of cyberattacks regularly. We were surprised to learn that Agari had found hundreds of thousands of phishing messages being sent. With CASL now in place, the ability to see and prove how much of mail sent is legitimate, how much isn’t, and, most importantly, how much is dangerous to your brand or consumers, is vital to any company.”
Eager to learn how email phishing could be affecting your brand? Our team is ready to help.