Preventing Phishing Attacks

HOW EMAIL |ВЕСАМЕ 70000 0000 CO00R THE WEAKEST LINK AND WHAT CAN BE DONE ABOUT IT 1 IN EVERY 99 EMAILS IS A PHISHING ATTACK IN A 5 DAY WORK WEEK, THIS AMOUNTS TO 4.8 PHISHING EMAILS PER EMPLOYEE BUSINESSES COULD BE RECEIVING ATTACKS EVERYDAY AND NOT KNOW IT 30% + of phishing emails make it past default security For example, in breach existing security measures 5% are whitelisted by an administrator 25% Office 365 THE COST OF PHISHING From 2013 to 2016, From 2016 to 2017, CYBERATTACKS* COST BUSINESSES OVER PHISHING ATTACKS $5 BILLION INCREASED BY 65% WORLDWIDE * Including ransomware, business email compromise, and phishing leaks In 2018 83% 64% 35% of people received phishing attacks of infosec professionals were targeted by spearphishing of professionals don't know what "phishing" means TODAY, A PHISHING ATTACK ON A MIDSIZE BUSINESS COSTS AN AVERAGE OF $1.6 MILLION 67% 54% 50% Damage to reputation Decreased Loss of productivity proprietary data 1 IN 3 CONSUMERS WILL STOP USING A BUSINESS AFTER A SECURITY BREACH HOW PHISHING WORKS Attackers send emails or other communications, manipulating the receiver into opening a malicious file or clicking a link RESULT: MALWARE IS AUTOMATICALLY DOWNLOADED to their device Or, a SPOOFED WEBSITE collects login credentials resulting in compromised information OVER HALF More than 2 in 3 phishing attempts used a malicious link of all phishing attacks contain malware RESULT: Fake Invoices paid, false bank transfers made When someone clicks, the attacker gains prolonged access to the system – On average less than 2 minutes after the email reaches the inbox CATEGORIZING PHISHING ATTACKS CREDENTIAL HARVESTING SPEAR PHISHING EXTORTION MALWARE Emails impersonates trusted Targets victims by asking Malware is hidden in Targets high level employees, brands and often link to for money in exchange an innocuous link that influencing them to spoofed login pages for keeping secrets triggers a file to download complete a manual task Lures victims to divulge personal Establishes authority by Bypasses standard scans Difficult to detect, as email information like passwords including a password or that only examine doesn't contain malicious and payment info spoofed email address the email body links or attachments 41% 8% 51% 0.4% OF ATTACKS OF ATTACKS OF ATTACKS OF ATTACKS POTENTIAL COSTS: Up to Up to $400 $5k $2.4 $7.2 per account *per user million million THE BAIT THAT GETS EMPLOYEES ΤΟ BITΕ Most Successful Attack Scenarios Business Email Compromise (BEC) combines several categories, using spoofing, impersonation, and social engineering to extract WORKERS FALL FOR Office communication Social Safety Retail FAKE CONTENT THAT TARGETS THEM AS 16.8% 16.3% 12.2% 11.8% monetary gain for a malicious actor CONSUMERS HACKERS PREY ON TRUST 1 in 25 branded Phishing emails spoof trusted brands: Shippers emails is Microsoft amazon.com Banking & finance -DHL. FedEx. ups phishing 43% 38% |L9.7% 2.5% MANY LEGITIMATE EMAILS MAY CONTAIN POTENTIAL SIGNS OF PHISHING, MAKING DETECTION DIFFICULT 98% Does it include the address of a crypto wallet? Is This Email Phishing? 35% Does it link to a Wordpress site? 9% Was it sent to others anonymously (Using a "BCC")? 5% Does it contain links with shortened URLS? Chance of Phishing (%) 4% Is it from a trusted brand? 3% Does it link to a file on Google Drive? EMPLOYEES CLICK LINKS THAT PLAY ON FEELINGS OF FEAR AND URGENCY 28% 44% "Warning" 34% 40% "Grievance filed" of ebola outbreak with State Bar Association "Complaint fileď" "Open enrollment" with Board of Accountancy notice GET AN EMAIL SECURITY PLATFORM Look for a tool that catches attacks before they reach the inbox Intelligent Scanning Full-Suite Protection Layered Security Al trained to catch Monitors beyond messages Relies on best-of-breed advanced attacks -like file-shares and security tools configuration changes Adapts to future trends and new methods of phishing Protects inbound, outbound, and internal-to-internal Protects the entire collaboration suite messages Sources: SECURE EMAIL IS THE KEY TO A SECURE BUSINESS vadesecure.com/en/spear-phishing-cost regmedia.co.uk/2016/05/12/dbir_2016.pdf betanews.com/2018/07/18/credential-stuffing-cost statista.com/statistics/420391/spam-email-traffic-share the-parallax.com/2018/08/06/porn-extortion-scam-breached-passwords accenture.com/_acnmedia/PDF-62/Accenture-2017Costcybercrime-US-FINALpdf AVANAN DEVELOPED BY cofense.com/wp-content/uploads/2017/11/Enterprise-Phishing-Resiliency-and-Defense-Report-2017.pdf N NOWSOURCING radicati.com/wp/wp-content/uploads/2015/02/Email-Statistics-Report-2015-2019-Executive-Summary.pdf info.wombatsecurity.com/hubfs/wombat_Proofpoint_2019%20state%20ofx20the%20Phish%20Report_Final.pdf www2.deloitte.com/content/dam/Deloitte/uk/Documents/consumer-business/deloitte-uk-consumer-review-nov-2015.pdf