The occurrence of phishing emails has seen a 789% rise since last year, according to a new report by PhishMe. And the rise is directly tied to the recent spike in ransomware. The total number of reported phishing emails in the first quarter of 2016 was 6.3 million.
“Thus far in 2016, we have recorded an unprecedented rise in encryption ransomware attacks, and we see no signs of this trend abating. Individuals, small- and medium-sized businesses, hospitals, and global enterprises are all faced with the reality that this is now one of the most favored cyber criminal enterprises,” said Rohyt Belani, CEO of PhishMe.
What is phishing?
We’ve been talking about ransomware non-stop this year. Phishing, however, is a less talked-about subject. So what is it? Typically, a phishing email is one that appears to come from a legitimate source and asks you to update various pieces of information such as credit card numbers, bank account numbers, social security numbers, and passwords. Many people fall for this because the email claims to come from their bank or some other company they do business with. They type in their information and send it directly to the inbox of a hacker. Once the cyber criminal has the information, he will use it to steal money or company secrets. He may also use the passwords to access other accounts and steal information and money from other people.
How are businesses affected?
Businesses are the most popular targets for cybercriminals because they generally have more money than an average individual. Cybercriminals have also devised new ways to attack businesses. Rather than randomly sending out phishing emails in bulk, hackers have developed specific emails for soft targets. For instance, the IRS recently released a warning to payroll and human resources professionals: hackers were directly targeting this type of department within a company with a particular phishing scheme. They would impersonate company executives, even matching their email address exactly, and then ask HR workers to reply with a list of employees and their personal information, including social security numbers.
Another type of phishing attack, known as “whaling,” targeted the financial and accounting industries earlier this year.
Phishing and ransomware: a match made in heaven
The report by PhishMe found that 93% of phishing emails today contain ransomware, according to WeLiveSecurity. Last year, only 10% of phishing emails contained ransomware, apart from a steep rise to 56% in December of 2015.
The rise of ransomware-carrying phishing emails has been attributed to the ease with which hackers receive money. Instead of waiting to sell stolen information on the dark web, they receive cash almost immediately when victims pay the ransom. Their cash flow is constant and direct.
Hackers specifically target businesses because businesses usually have the technical know-how to purchase and pay with Bitcoin, the untraceable online currency. Businesses are also more likely to have the funds to pay the ransom quickly.
How to combat the problem
As we have said over and over again, you need to back up your files to a device or location that is separate from the original files. Preferably, you should keep an on-site external backup (not connected to the network or the internet) as well as an off-site cloud backup.
As another proactive measure, employees need to be trained to recognize a malicious email. They should be very wary of all links and attachments in emails, and they should never give out sensitive information via email, no matter who appears to be asking for it.