Business man surrounded by icons including cloud, wifi, padlock and fishing lines with hooks picking up documents

What is phishing and how to avoid costly mistakes

Phishing is a serious cyber security risk for every IT leader, and attacks are becoming more frequent and sophisticated.

Brother examine the impact of phishing, the latest scams, and offer top tips on how to keep your team safe. 

Phishing scams cost businesses billions of pounds/euros each year as cyber criminals become more organised. 

IT and security teams now spend a third of their working week dealing with the threat of phishing  . However, as IT teams get more savvy so too do the hackers, finding new ways to target your employees.

Russell Johnson, IT Business Partner at Brother International Europe said: “Focusing on the user is critically important. We have technical end point protection systems which are great   but if a sophisticated attack gets through then it is down to the user to protect themselves and the business.”

By learning the latest phishing trends and preventative measures it will save time, resource, and money. 

Latest phishing trends

There has been a rise in Business Email Compromise (BEC) attacks across Europe, specifically with criminals impersonating a company CEO. This impersonation attack tricks employees into taking action and is proving to be one of the most expensive types of phishing attacks
After researching their target - usually, finance managers – cyber criminals create a convincing spoof email address requesting a transaction
Austrian aerospace parts maker FACC lost €42m in a BEC attack after a hoax email asked an employee to transfer money to an account for a fake acquisition project.  
Italian football club Lazio also reportedly lost €2m in a similar phishing scam. The Serie A team released funds for a player transfer after receiving an email appearing to be from Dutch club Feyenoord.

A fake login screen collecting personal information for a phishing attack

Spoofed pages aimed at harvesting company credentials are also on the rise. 

Phishing emails take users to a fake log-in page for a corporate service like Microsoft Office 365 or Amazon Web Services (AWS). This can be disastrous for organisations as hackers access sensitive data stored on the account. 

For example, attackers recently impersonated Amazon Web Services using an automated email notification. Despite the hyperlinks looking credible an anomaly in the URL re-directed users to a fake log-in page.   

Cybersecurity consultant Rob Mukherjee advises businesses to use Computer Vision. This is a field of software which enables computers to replicate the human visual system, using algorithms. It is also a subset of artificial intelligence. 

Rob said: “The software looks at every single pixel and prevents emails from accessing the inbox if it spots an anomaly.”

A hacker ready to attack a laptop

Elsewhere, there has been a huge spike in phishing emails impersonating LinkedIn. Researchers saw a 232% increase in emails claiming to be from the social media site in 2022. 

Cyber criminals use display name spoofing and stylised HTML templates to trick Microsoft Outlook users into clicking on phishing links and entering their details.

LinkedIn is also being used to scout for potential spear phishing targets. Hackers used the social media site to identify system engineers and network administrators at Sony Pictures

Entertainment. Targeted phishing emails resulted in over 100 terabytes of company data being stolen and the attack cost Sony more than $100m.    

A fake LinkedIn login screen is a possible phishing attack

The true cost of phishing attacks

Phishing attacks are expensive and difficult to deal with. According to IBM, they were the costliest form of attack in 2022, with the average data breach costing $4.91m. 

Yet it remains the most common entry point for criminals. In fact, 82% of data breaches across Europe involved a human element in 2022. 

This constant phishing threat is not only expensive for businesses, but it has a direct impact on IT leaders who are dedicating more time and resource to it. IT and Security teams report that one email now takes an average of 27.5 minutes to resolve. 

How to protect your business against phishing?  

A combination of IT tools and behavioural change is the best way to protect your business.  

Dan Giannasi, Head of Cyber and Innovation at the Cyber Resilience Centre said: “Companies must take steps to protect their organisation by making it difficult for attackers to reach users. 

“This includes implementing robust email protocols which prevent known phishing emails from getting to users and stop criminals from mimicking their email domain in other attacks.”

By implementing a rule-based, business grade, email filter it will detect spoofed domain names and identities, which staff may miss easily. Advanced filters can also detect malware, such as port scanners and keyloggers.

Hand with a fishing rod phishing a laptop

Turning to behavioural change, Joshua Ashton, Director of Symposium IT, advises that your team treat any request for sensitive information with caution and try to verify the authenticity of the source before acting.  

It is also vital to educate teams about the common red flags of phishing and test their skills because, as Russell Jonson points out ‘human resilience can always be improved’. He heads up an in-house Cyber Security Programme for Brother International Europe which is delivered to 1,500 users. 

With a focus on creating ‘a human firewall’ the mandatory training is supported by remedial and optional guidance and articles on the latest trends. Each user is phished once a month using KnowBe4, a system which uses artificial intelligence to rate users across four different risk criteria. The programme has been well received by staff and the business is now on course to achieve the industry standard for its phish-prone percentage. 

Do you want further insight? Read our blogs on Security.

Or find out how Brother can support with your security concerns.

More from Security

You might also like

Back to top