
Term of the Week: Phishing

What is it?

A social-engineering attack in which an attacker, typically using email, tries to trick a computer user into opening a web link, entering personal information into a web form or fake website, or taking some other action that lets the attacker obtain sensitive information or gain access. Spear phishing targets a specific individual or small group and uses personal information about the targets to make the message convincing.

Why is it important?

Phishing and spear phishing are the most common methods attackers use to gain an initial foothold in an organization or to obtain sensitive data.

Why does a business professional need to know this?

Email phishing is one of the most popular methods cybercriminals use to trick users into taking actions that install ransomware on their devices. Researchers at PhishMe found that ransomware accounted for 50% of all phishing email messages in the first quarter of 2016, and that by the end of March 2016, 93% of the phishing emails analyzed carried ransomware (PhishMe 2016). In the same quarter the number of phishing emails reached 6.3 million, a 789% increase over the last quarter of 2015 (Cofense 2016). Subsequent studies from PhishMe and other researchers continue to show the same trends.

Even with today's technical and administrative controls in place, attacks continue to grow at an alarming rate:

  • 91% of breaches start with spear phishing
  • Average time to identify a breach: 146 days
  • Average time to contain a breach: 82 days
  • Global average cost of a data breach: $4 million (Cofense 2016)

Business professionals looking for a defense must familiarize themselves with the emotional triggers that persuade users to interact with phishing messages.

These emotional triggers can be:

  • The promise of a reward for interacting
  • The appearance that the message comes from a respected person, such as a family member or a boss
  • An appeal to curiosity

Phishing email attacks usually ask the recipient to click a link, enter data in a form, or open an attachment.
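As an added illustration (not part of the original article), the Python script below builds a constructed sample lure that makes all three of those asks and then checks it for the indicators a trained reader, or a mail gateway, would look for: a sender domain that imitates the organization's own, a Reply-To that points somewhere else, link text that shows one site while the href goes to another, and an attachment with an executable or double extension. The trusted domain `example.com`, every address and host name, and the attachment name are assumptions made for the example.

```python
"""Flag classic phishing indicators in an email (added illustration; all names below are assumptions)."""
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example.com"}  # assumption: the organisation's own domain
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".hta", ".lnk", ".iso", ".docm", ".xlsm"}
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})  # digits posing as letters
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

def domain_of(address: str) -> str:
    """Lower-cased domain of an RFC 5322 address such as 'Name <user@host>', or ''."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def is_trusted(host: str) -> bool:
    """True for a trusted domain or any of its subdomains."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DOMAINS)

def is_lookalike(host: str) -> bool:
    """Coarse check: host contains a trusted name once digit-for-letter swaps are undone."""
    if is_trusted(host):
        return False
    normalised = host.translate(HOMOGLYPHS)
    return any(t.split(".")[0] in normalised for t in TRUSTED_DOMAINS)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def analyze(msg: EmailMessage) -> list:
    """Return human-readable indicators found in msg; an empty list means nothing was flagged."""
    findings = []
    sender, reply_to = domain_of(msg.get("From", "")), domain_of(msg.get("Reply-To", ""))
    if is_lookalike(sender):
        findings.append(f"sender domain '{sender}' imitates a trusted domain")
    if reply_to and reply_to != sender:
        findings.append(f"Reply-To domain '{reply_to}' differs from From domain '{sender}'")

    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = LinkCollector()
        collector.feed(html_part.get_content())
        for text, href in collector.links:
            target = urlparse(href).hostname or ""
            shown = ""
            if URL_LIKE.match(text):  # anchor text itself looks like a URL
                shown = urlparse(text if "://" in text else "//" + text).hostname or ""
            if shown and shown != target:
                findings.append(f"link text shows '{shown}' but points to '{target}'")
            elif target and not is_trusted(target):
                findings.append(f"link points to untrusted host '{target}'")

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        suffixes = re.findall(r"\.[a-z0-9]+", name)
        if suffixes and suffixes[-1] in RISKY_EXTENSIONS:
            findings.append(f"attachment '{name}' is an executable or macro type ({suffixes[-1]})")
        if len(suffixes) >= 2:
            findings.append(f"attachment '{name}' hides its type behind a double extension")
    return findings

def build_sample() -> EmailMessage:
    """Constructed lure: urgent subject, lookalike sender, mismatched link, disguised attachment."""
    msg = EmailMessage()
    msg["From"] = "Example IT Help Desk <alerts@examp1e-support.com>"
    msg["Reply-To"] = "helpdesk@mail-verify.test"
    msg["Subject"] = "Action required: your mailbox will be suspended today"
    msg.set_content("Your mailbox is over quota. Verify your account within 24 hours.")
    msg.add_alternative(
        "<p>Your mailbox is over quota. Verify within 24 hours at "
        '<a href="https://examp1e-support.com/login">https://www.example.com/account</a>.</p>'
        '<p><a href="https://examp1e-support.com/u">Unsubscribe</a></p>',
        subtype="html",
    )
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="Invoice.pdf.exe")
    return msg

if __name__ == "__main__":
    for finding in analyze(build_sample()):
        print(" -", finding)
```

Run stand-alone, the script lists six findings for the constructed sample, one for each trick the lure relies on; a message from the real domain with plain links and no attachment yields an empty list. The checks are deliberately coarse (the lookalike test, for instance, would also flag a legitimately named partner such as `example-partners.test`), so in practice heuristics like these rank messages for human review rather than block them outright.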

Because humans are the first line of defense against cybercriminals, we must educate our customers and co-workers so they can recognize malicious phishing attempts and report them to the appropriate authority.

References

About Jeffrey Rogers


Jeffrey Rogers has over 20 years of IT security experience and holds Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Security+, and EC-Council Computer Hacking Forensic Investigator (CHFI) certifications. As vice president of the Customer Success and Technical Operations Group, Jeffrey is responsible for overseeing and growing Cofense’s customer support and client success teams. Previously, Jeffrey served as PhishMe’s senior client engagement manager, where he worked alongside customers to develop and manage unique phishing awareness programs. Jeffrey holds a master’s degree in information security assurance from Capitol College and a bachelor’s degree in finance from the University of Kentucky.


Email: Jeffrey.Rogers@cofense.com

Twitter: @vangoghz

LinkedIn: linkedin.com/in/vangoghz

Facebook: facebook.com/phishme
