Is Phishing Still an Issue?

Written by Kristi Salmon on August 31, 2017.


Phishing – the attempt to get financial or other confidential information from a person or business online – has been around for years, and it doesn’t look as if scammers intend to stop anytime soon. In February 2015, authorities announced that, over the past two years, a cybergang called Carbanak used phishing techniques to steal more than $1 billion from banks, e-payment systems and financial institutions in 30 countries around the world.

It appears Carbanak used spear phishing techniques to make off with all that money. Spear phishing uses emails that appear to come from an individual or business the targeted person knows, rather than generic messages (such as those addressed to “Dear Sir or Madam”) that scammers have been using for years.

This was the state of phishing and malicious attacks back in 2015, with security experts predicting 2016 would be the worst yet for businesses. Then we entered 2017.

With recent ransomware attacks like WannaCry and Petya, businesses are increasingly targeted by hackers. Back in 2015, Malwarebytes spokesman Adam Kujawa predicted that future phishing attacks would target a wider range of employees, such as those with access to potentially lucrative data like a firm’s customer accounts.

Think your employees are too savvy to fall for what looks like an obvious scam? IBM researchers discovered that businesses are seeing more and more malicious email, with a 4x increase in spam in 2016 alone, and email is still the number one method of delivering malware. During the summer, Google experienced a major phishing attack against its Google Docs users.

Cyber experts say that businesses need to be vigilant to prevent phishing attacks. Here are ways to protect your organization and customer information:

  • Choose passwords carefully. Resist the natural urge to use one password for all the sites you visit. When you do, it just makes things easier for scammers. All your passwords should be very different from each other and contain random letters (both uppercase and lowercase), numbers and symbols.
  • Make sure you are current with patches, updates and security software. When you receive notices advising you to update your software, follow through. Most browser and operating system updates include vital security patches and may be able to detect phishing messages as malicious.
  • Think before you act. If you get an email from a “friend” asking for a password or other information, be suspicious. If you’re not sure it is actually from someone you know, call the person or send them a separate email to verify it’s legitimate. If the email is from a bank or another business, be extra careful before replying, clicking on a link or downloading any attachments. Legitimate businesses don’t send out emails asking for account information or passwords. One easy way to check if an email is a scam: check for spelling errors and bad grammar. Many phishing emails contain atrocious misspellings and mangled grammar.

To learn more about keeping your business safe from spear phishing attacks, log on to