26 November 2019 - Today it was announced that the amount of damages caused by phishing has increased again in the Netherlands. This is shown by figures from the Dutch Payments Association and the Dutch Banking Association. Phishing therefore remains a major problem that organisations have to take into account. Many of the highest profile breaches over the past two decades — including those affecting major banks, retail chains, and government organisations — were made possible because one person clicked a link or attachment in a phishing email. But how can organisations and their clients protect themselves?
Many shapes and sizes
Phishing includes many types of fraudulent online activities targeting a group of people or a single senior executive, as with CEO fraud or spear phishing. Legitimate links are often replaced with fraudulent ones. These links appear to lead to a trusted organisation but in fact redirect you to a web page set up to collect your personal information. The main goal of all attacks is to lure victims into sharing personal information, unknowingly providing access to (financial) systems or opening the door to their IT environment for more substantial penetration. Lately, phishing has been shifting to SMS and messages shared via WhatsApp.
Increasing number of phishing sites
The news item (in Dutch) that was broadcast and published by the NOS (an important Dutch news channel) made clear that it is becoming easier and cheaper for criminals to set up a phishing site. The NOS also reported last year that ready-made counterfeit bank sites are being sold to criminals on the internet.
According to the Dutch Payments Association this means that more and more attacks are taking place and that the falsified websites are becoming more and more credible, with the result that fraud through these kinds of channels is increasing sharply. This is also what Cybersprint has noticed among its customers.
In the first half of 2019, bank customers lost a total of €3.1 million due to the interception of their security codes. In the last half of 2018, this was €2.4 million. Fraud involving bank cards also increased. In the last half of 2018, it caused €2 million in damages, but in the first half of this year it was €2.6 million.
Last year, the amount of damages due to phishing started to rise again, after it had actually decreased for years. In 2018, it even almost quadrupled.
What can you do against it?
Despite years of work, and billions of euros invested in security technologies, phishing remains an ever-present threat to modern businesses. Since attackers find new ways of luring customers to their counterfeit websites every day, organisations need to find ways to protect themselves, their clients and the people working for them against these types of cybercrime. Using smart technologies, setting up mail protection protocols, restricting account permissions and providing accurate security training help to overcome many of these challenges.
Have a plan to fight back
Hopefully it’s obvious at this point that no single approach can completely negate the threat posed by phishing. If your business is going to avoid becoming a victim — and incurring the hefty costs that come with it — you’re going to need a comprehensive plan for securing your network, and systematically managing risks associated with phishing.
For noteworthy tips and tricks, download our whitepaper ‘Phishing, the million-dollar threat to your organisation’, which gives you more insight into phishing tactics and what you can do against them.