As witnesses of the impacts of phishing attacks, ECF Data has been one with the US government in celebrating October for Cybersecurity Awareness Month. For 2022, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) highlighted four key steps in enabling basic cyber hygiene practices. One is the Think Before You Click: Recognize and Report Phishing. 

What are Phishing Attacks, and How Does it Affect Businesses? 

Did you know that in Q2 of 2022, the Anti-Phishing Working Group (AWPG) recorded a whopping 1,097,811 phishing attacks? This sets a new record and the worst quarter recorded by the APWG. If you’re aware of how phishing works, this number wouldn’t be surprising because phishing attacks are relatively easy to execute since cybercriminals don’t need to deal with infrastructure vulnerabilities and infiltrate a system.   

Phishing happens when scammers impersonate a reputable entity or trusted person and send a fraudulent message tricking a clueless victim into providing sensitive information with email being the most common channel for hackers.  

These attacks come in various forms, but usually, it tries to:  

• Steal your money or identity through your private credentials   
• Gain control over your online accounts  
• Extort you to send valuables or money  
• Infect your device with malware  

5 Phishing Attacks that Broke Out History 

Here are some phishing attack examples that make us realize how essential it is to learn how to protect against phishing attacks:  

1. Sony Pictures 

In 2014, Sony experienced a huge data leak, breaching over 100 Terabytes of confidential company activities. The top-level employees opened the malicious attachments as the criminals pretended to be colleagues. The damage became astonishing as it leaked personal information about the employees and their families, email (NOTE: revolting) conversations, confidential salary information, the company’s future film plans, scripts, copies of then un-released films, and much more.    

2. JP Morgan Chase 

Also, in 2014, the financial institution announced that their data had been compromised and affected 7 billion businesses and 76 million households. The hackers infiltrated the bank’s defences and seized the employees’ sensitive data. They obtained clients’ names, postal addresses, and phone numbers. This incident makes JP Morgan and Chase one of the most severe intrusions and one of the largest data breaches into an American corporation’s information system in history.   

3. Target 

Target is the second-largest department store retailer in the US. Their phishing attack in particular proves that anyone can be targeted by phishing emails. The hacker installed malware on Target’s partner company, which became their entry point to access Target’s network. From there, they added another malware to the company’s system, allowing them to steal their client’s debit and credit card information.  

4. Upsher Smith 

The Upsher-Smith Laboratories learned a hard lesson: phishing could result in costly damages. The company was swindled out of more than $50 million within a 3-week duration. The phishers impersonated the US drug company’s CEO and instructed the accounts payable coordinator to perform nine fraudulent wire transfers. Though they discovered the scam before completing the nine transfers and recalled one wire which cost $39 million excluding interest, it’s disturbing that the hackers were still able to make the $50M transfer.   

5. Facebook and Google 

It’s unthinkable that two of the largest technology firms experienced a $100 million loss from a phishing attack. But this made them a classic phishing attack example as they fell victim to a fake invoice scam. The phisher sent multiple bogus multi-million-dollar invoices that imitated its 2-year supplier, with attachments of letters and contracts that appeared to be approved by the higher-ups of Facebook and Google. 

The company took legal action, and the cybercriminal was sentenced to five years.   

How to Protect Against Phishing Attacks  

To not fall victim and be a phishing attack example, there are two things that you can easily do – be aware and be informed. A cliché in cyberspace is the saying, “Think before you click” easily applies to phishing attacks.   

For businesses, educating and training their employees to protect against phishing attacks is a must. Moreover, informing what should be done in case these attacks happen and how to report the attacks must be carried out.    

Some of the solutions offered by Microsoft for businesses to protect against phishing attacks are the following:  

• Microsoft Defender for Office 365 offers holistic protection of Microsoft 365, including online storage, files, and email, against malware. Because it secures you against unsafe attachments, it works complementary with the security features of Exchange Online Protection in strengthening zero-day protection.   

• Microsoft Exchange Online Protection is a cloud-based email service that offers enterprise-grade reliability and protection against malware and spam. Through various filtering controls, users and businesses can further improve their protection services against phishing attacks.   

• Microsoft Edge and Windows Defender Application Guard work in tandem. The duo is designed to shield your business against rising threats using Microsoft’s Hyper-V virtualization technology, a unique hardware isolation approach.   

How to Report a Spam 

If the phishing attack examples happened to you, don’t keep it to yourself. Report it. Read below to know the step-by-step guide with Microsoft solutions.  

• Outlook.com – Choose the box next to your dubious message in your inbox. Click the arrow next to Junk, then select phishing.   
• Microsoft Office Outlook – Select the suspicious message, then choose Report message from the ribbon, and click phishing. This method is the quickest way to report phishing attacks and delete the message from your inbox. It will also support Microsoft in improving its filters, so expect that, in the future, you can see fewer of these messages.   
• Microsoft Edge – If you’re browsing a suspicious site, select the Settings and More icon, which can be located at the window’s top-right corner, and select Help and feedback > Report Unsafe site.     

 Is your business prepared for such scenarios? Do your employees know how to protect against phishing attacks? ECF Data is your expert partner for your cybersecurity needs. Get your FREE assessment by clicking the button below.