Did you know 60 percent of small businesses that have been hacked go out of business within six months of the cyber-attack? With phishing scams on the rise, businesses need to be aware of the various attacks in circulation and how to be prepared if they fall victim to a malicious cyber-attack.
Take a look at the following ten phishing examples from 2017 that targeted small businesses.
The ‘Shipping Information’ Phishing Scam
In July this year, internet security company Comodo disclosed a new type of phishing scam specifically targeting small businesses. Phishing emails with the subject line ‘Shipping Information’ were sent out to more than 3,000 businesses.
The email noted a forthcoming delivery by United Parcel Service (UPS) and included a seemingly innocent package tracking link. When the recipient clicked on the link, it delivered malware, potentially releasing a virus.
On May 12, 2017, WannaCry exploited a weakness in Microsoft’s operating systems to deliberately infect computers. Once the worm had infiltrated a machine, it encrypted the infected system, rendering it unusable. The hackers subsequently demanded a ransom for unlocking the encryption. Small businesses without up-to-date IT infrastructure were particularly exposed to the WannaCry attack.
In June this year, the Petya ransomware attack hit businesses, preventing victims from accessing their data until they paid $300 in bitcoin. The ransomware exploited vulnerabilities in Microsoft systems.
Shipping company Maersk was a victim of cyber crime and has said, following the attack, it has put “different and further protection measures” in place.
Hacking group Shadow Brokers first surfaced in August 2016, but in April this year the group made its most impactful release yet. The release comprised a trove of alleged NSA tools, including a Windows exploit known as EternalBlue. The Shadow Brokers leak has revived concerns about the dangers of using bugs in commercial products for intelligence-gathering.
IRS W2 Tax Season Spear-Phishing Scam
At the beginning of this year’s tax season in the United States, a spear-phishing attack circulated. The W-2 phishing scam involved cyber criminals sending out fake emails. The hackers deliberately made the emails look like they were being sent from corporate executives.
The fake emails requested the personal information of employees for purposes related to tax and compliance.
By the middle of March 2017, the phishing scam had compromised more than 120,000 employees at more than 100 different organizations.
Business Email Compromise (BEC)
Earlier this year, the Nigeria-based Business Email Compromise (BEC) attack hit over 50 countries, targeting more than 500 businesses, predominantly industrial companies. The phishing scam prompted recipients to download a malicious file. When the file was downloaded, the malware would gain unauthorized access to business data and networks.
Phishing Attack on Chipotle
In February, a group of cyber-criminals in Eastern Europe sent out emails laden with malware to staff of Chipotle. By clicking on the fake emails, the oblivious staff inadvertently enabled the hackers to compromise the POS systems of the majority of Chipotle locations. The hackers were then able to obtain the credit card data of millions of people.
Google Docs Hack
In May, more than 3 million workers worldwide were forced to stop work when phishers sent out fraudulent email invitations on Google Docs inviting recipients to edit documents. When the recipients opened the invitations, they were taken to a third-party app, which enabled hackers to access individuals’ Gmail accounts.
Phishing Attack on Qatar
In the first quarter of 2017, businesses in Qatar were targeted with tens of thousands of phishing attacks in just a three-month period. Qatar’s phishing attacks involved the hackers sending out malicious emails and SMS texts to businesses, designed to compromise valuable information and data.
Amazon Prime Day Phishing Attack
In what is known as the Amazon Prime Day phishing attack, hackers sent out seemingly legitimate deals to customers of Amazon. When Amazon’s customers attempted to purchase the ‘deals’, the transaction would not be completed, prompting the retailer’s customers to input data that could be compromised and stolen.
So, what’s the moral of the story involving the huge rise in phishing attacks that target small businesses and cause so much destruction?
As the consequences for businesses that ignore the security risks of phishing attacks can be disastrous, it is in every company’s interest to implement solid cyber security measures. Instead of essentially waiting for an attack to happen, businesses need to develop a security policy that becomes ingrained into corporate culture. Part of this culture should be exercising extra caution when receiving emails from unknown sources and avoiding opening such emails or clicking on malware-infused links.