One of the greatest security risks to your business is one that can slip through your door unnoticed. It lurks in emails, text messages, mysterious phone calls, and unsolicited visitors. And as technology evolves, it evolves as well.
The risk? Phishing attacks. Inflicting millions of dollars worth of damage to businesses each year, phishing is a pervasive problem from which no business is immune, no matter how big or small.
What is Phishing?
Simply put, phishing is a process that hackers engage in to gain access to sensitive information.
Depending on the goal of the attack, hackers may rely on trojan malware or ransomware being installed on the victim’s computer; in other cases, the targets hand over information freely, unaware that they are being manipulated.
While phishing attacks are typically attempted via email, they can also be performed over the phone, through text messages, over social media, and even in-person. The ultimate goal of phishing is to trick the victim into doing what the scammer wants them to do.
A brief history of phishing
The strange spelling of “phishing” isn’t an accident. In the 1980s, some of the first underground “hacker” communities were known as “phreakers” (phone + freaks), notorious for reverse-engineering the phone system in order to make free phone calls.
The “ph” at the beginning of the term “phishing” signifies the cultural link between the old phreaker communities and modern-day hackers, though the term “phishing” didn’t formally emerge until the mid-1990s.
The first known phishing attack actually took place in the mid-1990s in an effort to steal usernames, passwords, and credit card information. At the time, America Online (AOL) was one of the most popular internet service providers and offered internet access to millions of Americans.
Spotting the opportunity for a massive payday, hackers discovered a way to steal passwords and to generate random credit card numbers using algorithms. When they were caught, they changed their mode of operation.
In the first known instances of email phishing, hackers began sending emails to users while posing as AOL employees. In these emails, they asked users to verify their account and confirm billing information. Since this type of attack was so new, the hackers’ victims didn’t know any better. AOL was eventually forced to begin warning users about these schemes.
While phishing emails remain an effective attack method today, other ways of acquiring sensitive information quickly emerged.
In the early 2000s, hackers began creating copycat websites for banking institutions and popular eCommerce websites in order to gain access to personal and financial information.
Over time, different forms of spyware and malware developed as a way to maliciously and covertly get access to private data in addition to, and in conjunction with, phishing attacks.
Phishing as a business IT risk
As technology evolves and new systems of communication are employed around the world, hackers continue to create and optimize their phishing strategies.
The FBI estimates that phishing scams cost US businesses an average of $5 billion annually, with thousands of companies being victimized each year. While the aim might be the retrieval of personal data or to plant ransomware, these attacks can also be a way to get a foothold on corporate or government networks in an effort to perform a larger attack in the future.
Stolen information can be used for identity theft, sale on the dark web, blackmail, or even espionage. And believe it or not, only 3% of hacking attempts exploit technical flaws in computer systems.
It’s reported that 97% of phishing attempts are part of a larger social engineering scheme. In fact, 77% of these successful attacks begin with a single phishing email.
Need help identifying gaps in your company’s security? Commprise offers IT security and compliance auditing, including phishing tests. Book a call.