Back to blog

Phishing Bait Keeps Getting Better and More Destructive

Pathlock
May 19, 2016

Phishing Bait Keeps Getting Better and More Destructive

You’ve won $500,000. Just click here to collect your prize. Or you’re account has been suspended and you need to click here to log in immediately. Or I need you to send me a report with critical data ASAP. No one ever thinks they’ll fall for a phishing email, click on a link, and download malware or send critical company data. That’s because it used to be too easy to spot a fraudulent email and simply delete it. The email was sent from a bogus address or there were so many misspelled it was obvious. But with billions of dollars at stake, cyber thieves have stepped up their game and are doing their research. There are cyber criminals who have set up fake LinkedIn profiles, posing as recruiters. They’ll connect with their target and then send an email with an attached job description that seems relevant. Unfortunately, that attachment contains malware. Or they send out an email that looks like it came from the CEO with a link to a confidential report that leads to malware. The telltale phishing signs are no longer there and the threats to a company are greater than ever. And no one is immune. Recently the City College of San Francisco (CCSF) discovered that a breach may have exposed approximately 7,500 student records. This was traced back to a phishing email that an employee received. It was disguised as a request for student information and looked legitimate. Meanwhile, just a few months ago, an employee at Snapchat received an email from his CEO requesting employee payroll information. The request and email address looked authentic so the information was sent, exposing current and former employee data. There’s a reason why cyber thieves spend the time to create authentic-looking emails and profiles – it works. So what steps can a company take to prevent a phishing attack from being successful? By incorporating an intrusion detection system or monitoring system along with Pathlock’s Cyber Governance solution as part of your overall cybersecurity plan, you can uncover malware and suspicious activity before it devastates your company. By leveraging baselining and user behavior analytics with these solutions, you will receive an alert when something out of the ordinary occurs. For example, the system learns that 10 IP addresses log in at a specific time of day, communicate with critical systems and perform specific activities. All of a sudden, a new IP connects to that critical system, sending requests and messages that have not been previously sent. This generates an alert so you can take immediate action. To learn more, click here to view the on-demand Webinar How Does Your Cyber Posture Compare?