Phishing is an attempt to obtain sensitive information, such as usernames or passwords, in order to use the
information for malicious purposes. Phishing is usually carried out by email and often uses fear, familiarity or
intimidation to get the user to open an attachment, click on a link or visit a web site that hosts malware.
By doing this, attackers can get employees to launch malicious files on their computers, and then attack an entire
network or gain access to highly sensitive company information without the user realizing it. Corporate employees
are particularly vulnerable since they are an easy entry point to sensitive data.
One of the most notorious phishing attacks was the Carbanak attack of 2015. The attackers sent a spear-phishing email to a bank employee; the email contained malware that enabled them to launch an exploit and steal credentials. They had several methods of cashing out.
In one method, ATMs were instructed to dispense cash without any interaction with the ATM itself, and mules would then collect the cash. In another method, they transferred money out of the organization and into criminals’ accounts through the SWIFT banking network.
The criminals also created fake accounts with a relatively high balance, and mules collected the money. All told, the scam managed to collect $1 billion, and it all began with emails to employees that launched an exploit.
What can you do to protect your company?
Education is the key. Many employees don’t realize what an important role they play in protecting their
company. With any phishing or social engineering attack, all cyber criminals need is a few pieces of information, such as name, date of birth or address, to gain access to multiple networks.
From there, it’s just a few simple steps to reset passwords and gain unlimited access. With the vigilance of your employees, you can protect your company from an initial entry into your network.