Tech Tuesday: Phishing Emails By Hackers Cost Americans Over $675 Million Dollars & It’s Only Getting Worse
June 4, 2019
By: Kip Kirchberg, Cyber Security Specialist
In 2018, over a billion dollars were lost to email phishing campaigns worldwide. The FBI estimates that criminals made off with over $675 million from phishing campaigns that targeted US-based businesses. As you can imagine, with this type of payday, Hackers are working very hard every day to find new ways to trick employees into giving up their credentials or other sensitive information.
Email Phishing is a type of cyber-attack that utilizes email as a weapon to infiltrate a company’s network or computer system. The primary goal of the attacker is to get the recipient to believe that the message is something they want or need.
For instance, a Hacker could disguise an email so that it appears to come from an internal employee or resource. The Hacker would then use the email account to pose as an internal employee and communicate in a way that is convincing to the receiving party.
Example: a Hacker would craft an email that would be very similar or identical to one that is typically received by a legitimate employee. Hackers are very careful to copy email signatures, names, and often email addresses to make the email look and feel legitimate.
The Hacker will then use this email to phish a company’s HR personnel. In this example, the goal of the Hacker is to convince the HR person that the targeted employee needs to have their Direct Deposit information changed. If successful, the Hacker would make a request to redirect Payroll Direct Deposit information for the targeted employee to the Hacker’s account.
Now you are probably thinking that banks can recover the funds or freeze the transaction. This is where things really start to get interesting. The accounts set up by these Hackers are typically pre-paid credit card accounts. In a successful transaction, the Hacker gets an alert that the money has been loaded onto the credit card. As soon as the funds are available, the Hacker begins purchasing goods using the pre-paid card or transferring the funds to offshore accounts until they can no longer be traced.
By the time the employee or organization realizes that they have been phished and have redirected payroll funds for the targeted employee, it is often too late. Most of the time, the Hackers have already spent the money or transferred the funds so they are no longer traceable.
Believe it or not, this is a common attack method. This type of phishing attack is highly successful because it utilizes social engineering. This very attack hits us at our core, as it targets our want and need to assist our employees or teammates.
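A defender-side check for the payroll-redirect email described above, added here as an example and not taken from the original article: it flags direct deposit requests whose sender details do not match what HR has on file. The domain example.com, the directory entry, the keyword list and the Reply-To comparison are all assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: company domain, HR directory and keyword list.
COMPANY_DOMAIN = "example.com"
DIRECTORY = {"jane doe": "jane.doe@example.com"}  # display name -> address on file
PAYROLL_RE = re.compile(r"direct deposit|payroll|bank account|routing number", re.I)

def domain(addr):
    return addr.rpartition("@")[2].lower()

def payroll_phish_flags(raw):
    """Return reasons to verify a payroll-change email out of band ([] if none)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = " ".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_type() == "text/plain")
    if not PAYROLL_RE.search(f"{msg.get('Subject', '')}\n{body}"):
        return []  # not a payroll-change request, out of scope for this check
    flags = []
    on_file = DIRECTORY.get(name.strip().lower())
    if on_file and addr.lower() != on_file:
        flags.append("display name matches an employee, address is not the one on file")
    if domain(addr) != COMPANY_DOMAIN:
        flags.append("sender domain is outside the company")
    if reply_to and domain(reply_to) != domain(addr):
        flags.append("Reply-To domain differs from From domain")
    return flags

# Constructed sample messages (not real traffic).
LOOKALIKE = ("From: Jane Doe <jane.doe@mail-example.test>\n"
             "Reply-To: jd.payroll@inbox.test\n"
             "Subject: Update my direct deposit\n\n"
             "Please switch my paycheck to the new account before Friday.\n")
COPIED_ADDRESS = ("From: Jane Doe <jane.doe@example.com>\n"
                  "Reply-To: jane.doe@inbox.test\n"
                  "Subject: Payroll change\n\nNew routing number attached.\n")
GENUINE = ("From: Jane Doe <jane.doe@example.com>\n"
           "Subject: Direct deposit form\n\nI dropped the signed form at HR.\n")

if __name__ == "__main__":
    for label, raw in [("lookalike", LOOKALIKE), ("copied", COPIED_ADDRESS), ("genuine", GENUINE)]:
        print(label, payroll_phish_flags(raw))
```

A flagged message is a cue for HR to confirm the request with the employee through a contact method already on file, not proof of fraud.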
Now, Phishing is not limited to just social engineering; it is also a tool that can be used to trick users into visiting a website to download malware or opening a document that contains malware. Typically, these types of…