Phishing Attacks Contribute To £27bn Lost To Cyber Crime

According to research conducted by Sophos in their report ‘The Impossible Puzzle of Cyber Security’, 2 out of 3 organisations fell victim to a cyber attack in the last two years. 10% of these organisations experienced 4 or more attacks in the same period.

Cyber attacks lead to multiple areas of concern. These include data loss and financial and reputational damage to the business.

But how and why are people falling foul of cyber criminals?

Phishing is seen as one of the biggest cyber security risks for an organisation, with 53% of UK businesses falling foul last year. Criminals have mastered the art of impersonation, from copying the way a person in an organisation writes an email to creating a very similar email address, which can often include one changed letter.

When people are working at a fast pace, these details may slip past even the most diligent worker, opening the door for the cyber criminals.

For example, your accounts team – or anyone in your organisation for that matter – could get an email from the Chief Executive, asking for an invoice to be paid, often (but not always) by clicking on an attachment. The email could read something like:

“To: [email protected]
From: [email protected]
Subject: URGENT payment

Hi Jane,

I hope you’re well. Running a little late in meetings today and wondered if you could pay the attached invoice for me. It’s urgent, so if you could make the payment asap that would be great.

Kind Regards

John”

Now, Jane may be fooled by this as John is regularly in meetings and often asks her to make same day payments. However, it may not be often that John attaches something to the email.

In her haste to get things done, Jane clicks on the attachment, following the instructions and making the payment. Unbeknown to Jane, she’s sent money to fraudsters who impersonated John.

Cyber criminals impersonated John, but instead of having a really strange email address which would have been spotted easily, the fraudster changed one letter in John’s email. Instead of [email protected] the fraudster emailed Jane using [email protected]

What can be done to reduce the chance of a phishing attack?

Preventing phishing attacks is possible, but it requires toughening your cyber defences by introducing the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol.

The DMARC protocol is recommended by the Government and stops criminals from impersonating an organisation’s email address.

There are ways criminals, suppliers and the general public can check if DMARC has been implemented. Criminals are exploiting those businesses that don’t have DMARC to great effect.
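As an added example (not from the original article), the Python sketch below shows two checks a defender can run: grading a domain's published DMARC TXT record, and flagging a sender domain that is one character away from your own, as in the Jane and John scenario. DMARC covers mail claiming to come from your exact domain, so the lookalike check complements it. The domain names and records are constructed samples under the reserved .example TLD, and the one-changed-letter is assumed to be in the domain part of the address.

```python
# Added example: all domains and records below are constructed samples.

def parse_dmarc(txt):
    """Return the tags of a DMARC TXT record as a dict, or None if it is not DMARC."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # A DMARC record must begin with the version tag v=DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    pairs = (p.split("=", 1) for p in parts if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def dmarc_status(txt):
    """Grade a record: 'missing', 'monitor-only', 'partial' or 'enforced'."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "missing"
    # p=none only asks for reports; receivers still deliver spoofed mail.
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        return "monitor-only"
    # pct below 100 applies the policy to only a share of failing mail.
    return "enforced" if tags.get("pct", "100") == "100" else "partial"

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_addr, own_domain):
    """'internal' on an exact domain match, 'lookalike' within one edit, else 'external'."""
    domain = from_addr.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain == own_domain:
        return "internal"
    return "lookalike" if edit_distance(domain, own_domain) <= 1 else "external"

if __name__ == "__main__":
    own = "acme-corp.example"  # constructed organisation domain
    for record in ("v=DMARC1; p=reject; rua=mailto:dmarc@acme-corp.example",
                   "v=DMARC1; p=none", "v=spf1 -all"):
        print(dmarc_status(record), "<-", record)
    for sender in ("john@acme-corp.example", "john@acme-c0rp.example"):
        print(classify_sender(sender, own), "<-", sender)
```

In production the TXT record would be fetched from `_dmarc.<your domain>` with a DNS lookup, and the lookalike check would run in the mail gateway against inbound From addresses.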

According to ‘The Cost of Cyber Crime’ 2018 Report by Detica, in partnership with the Office of Cyber Security & Assurance in the Cabinet Office, the estimated cost of cyber crime in the UK is £27 billion. This demonstrates that cyber crime is indeed a national issue.

With phishing seemingly taking the lion’s share, it’s worth looking at and potentially investing in some defences to kick cyber criminals to the curb.

Implementing a mixture of technical and cultural competencies is a sure-fire way of keeping fraudsters out. Having protocols such as DMARC, combined with staff training that enables staff to take time to spot suspicious emails and highlights what they should look for if they have a gut feeling that an email isn’t right, will help your business become a cyber fortress.