Targeted Phishing Makes Organizations Vulnerable Micheal Goodwin April 29, 2014

Well, we can’t say the world isn’t evolving.  According to recent statistics from Symantec’s ISTR, targeted phishing campaigns increased 91% in 2013.  Not only have the attacks increased, but their sophistication has as well.

“Phishing” is an attempt to coax sensitive information such as usernames, passwords, personal information, or account access from individuals by masquerading as a trustworthy entity such as a bank, credit card company, website, or even IT administrators.  In increasing numbers, phishing scams have been targeted at large organizations, where not just individual credit card information is vulnerable but large databases of customer and personal information are kept.

Of course, with large organizations come large security budgets, so phishers have taken to targeting smaller businesses that are often contractors or vendors of larger organizations and therefore present an opportunity.  In the past, many of these attempts have been ridiculous, like the 2007 phishing attempt posing as the IRS and offering $80 for an online satisfaction survey.  Who could have believed that one?

Today, phishers have become more sophisticated, using social engineering and our own curiosity against us to obtain user account information and gain access to online accounts, computer systems and data.  Fortunately, the best protection against these types of attacks sits atop our shoulders.  If an email seems suspicious, too good to be true, or out of character for the entity sending it, be suspicious.  The easiest way to check the validity of an email is to copy a key phrase from the message, then paste it into your favorite search engine.  Use the Internet against the attacker to see what others are saying about the message you received.

In a business environment, bring up email and Internet security in employee meetings and in training.  Have a security policy outlining what employees are to do if they suspect a malicious email.  Also, deploy strong e-mail, network, and computer security systems to help protect data and isolate attacks should an employee make a mistake.