Phishing describes a type of social engineering where attackers trick individuals into disclosing confidential information or paying money into a fraudulent scheme. While phishing is also conducted via a text message, social media message or phone, most people use the term to describe cyber attacks that arrive by email.
Email used in 95% of cyber attacks
The Wombat Security State of the Phish2018 Report confirms that 76% of all UK and US companies experienced a phishing cyber attack in 2017. According to the SANS Institute, 95% of all attacks on enterprise networks are the result of successful spear phishing.
Targeted and personalised email
Email is the ideal delivery method for phishing as it can reach users directly and hide amongst the vast number of good emails that we all receive daily. Almost all spoof emails contain ‘click here’ links to convincing fraudulent web sites designed to make it easy to disclose the information required by the cyber criminal. Spear email phishing is tailored to one victim or group of individuals using specific and personal details. These details include the email address of the target and often refer to the names of co-workers and managers.
Fake CEO attack
Whaling is a specialised type of spear phishing that targets high net worth individuals or decision makers working at MD, CEO and CFO levels in an organisation. Commonly known as fake CEO attack, this methodology involves the perpetrator (before the attack) acquiring detailed information of other members of staff, suppliers, customers and trusted partners that may include accountants, lawyers and professional advisors. Spoof messages are often sent from these partners to managers with financial authority, asking for the payment of an outstanding invoice or order for new services.
Fake CEO attack is a major cyber threat for professional services firms in the UK. Wizard Cyber is a specialist cyber security partner to UK private equity firms, and many of the General Partners in our customer base have reported a significant increase in this type of email in 2018.
Wizard Cyber delivers a comprehensive solution designed to protect your organisation from cyber attacks that use email phishing. Our services are based on the recommendations of the UK National Cyber Security Centre who advocate a multi-layered approach that includes a combination of technological, process, and people-based cyber security measures.
To find out how Wizard Cyber can help you, enter your details in the form and we’ll get in touch.
Some error has occured.