Has Someone Impersonated Your Email?
While only contributing to 6% of spear-phishing attacks, business email compromise has caused more than $12.5 billion in losses since 2013.
In these attacks, cybercriminals impersonate an employee within the organization. Often in these emails, they ask for a wire transfer or access to sensitive information. Because these emails look to be coming from within the company, often an employee will follow through with the requests.
Traditional email security can’t stop these attacks, because they are extremely personalized, so they are not seen as spam and are not blocked by security gateways. Furthermore, these attacks spoof domains and display names, as well as social-engineering to make these emails seem more believable to employees.
Companies need a combination of artificial intelligence and employee training to not only help prevent these emails from coming into inboxes, but to prevent employees from following through with the attack’s requests.
Did you know?
> 97% of all employees can’t reliably identify phishing or spear phishing emails.
> 99% of the installed network security systems can’t stop a well-crafted spear phishing email.
> 93% of all data breaches start with an email attack.
Can you spot the difference between spear phishing and legitimate emails?
To see more examples of phishing vs. legitimate emails, download BCS’ Spot the Phish Challenge, click here.