Phishing Attacks: A Pandemic Overview
The term “phishing attacks” is one we are hearing a lot more of recently, and with good reason. These kinds of attacks are spreading wildly, to industries and sectors we simply would expect them to occur in. 75% of organizations around the world experienced a phishing attack in 2020, and 74% of attacks targeting US businesses were successful.
Phishing attacks are commonly carried out through impostor sites. These are exact clones of a website that are run by criminals and trick unsuspecting users into handing over their personal data or money. Criminals also use fraudulent communications such as emails and text messages that pretend to be from a legitimate company, asking the user to click on a link or respond with personal information. According to a 2020 AARP survey, “Half of US Adults Have Been Targeted By Impostor Scams”. No matter what technique the criminals use, their goal is to make the user click on an allegedly legitimate link, where they will be taken to an impersonating site. Once there, they can do anything stealing their credentials, gaining access to account information, selling counterfeit goods, or scamming them into transferring money to criminals.
Nowadays, launching attacks like these is common practice and very easy to do. Toolkits that automate the website cloning or spoofing process are easily available for criminals to use. If an attack succeeds, multiple issues arise for both the user and the organization. The first and most clear is the impact on the users. Their data & money have been stolen and their trust in the affected brand eroded. For the organization, this loss of trust combined with the effort and cost required to mitigate the damage from attacks like these can be detrimental to their businesses and their bottom line.
So far, targets of such attacks are offered protection via a variety of solutions that try to filter out attacks by scanning emails and marking out suspects, or creating a blacklist of links and other suspicious contents. Organizations also invest in computer-based security awareness training – educating employees to identify risks and attacks and simulating them to see how well they have been trained. Solutions are also available that scan for impostor and phishing sites – to allow the legitimate site owners to take steps to ask authorities for their removal. These solutions are far from effective in finding fake sites, and even when they are found, taking them down is a long and drawn-out process.
A solution is needed that is capable of proactively protecting both the organization and the user, and MEMCYCO has the answer. Its new PoSA™ software provides true, real-time layers of detection and prevention. For the user, an unforgeable digital watermark gives a positive visual authentication that the organization they are interacting with is legitimate, while a sophisticated alerting system will stop them from falling through the cracks of scams that already exist. For the organization, PoSA™ will detect and alert if and when there is an attempted attack on their website or pages, and create a profile of the attacker for it to take action. If an attack does occur, PoSA™ provides full visibility into the scope of the attack.
Phishing attacks are set to increase in all sectors of our digital lives and are getting more sophisticated. Both consumers and businesses must have the tools to protect themselves and most importantly, get ahead of the attacker to deter them.