Dark Web data dumps are powering today’s sophisticated spear phishing threats, enabling them to fool even savvy employees.
Today’s biggest threat is phishing. Phishing through social engineering, messaging, and social media is growing, as is whaling. But the most dangerous threats that most companies face today come in the form of spear phishing attacks. These multipurpose attacks are used to deliver ransomware, score passwords, and cause cybersecurity trouble at companies of every size – and Dark Web data dumps are empowering spear phishing threats to become even harder for staffers to resist.
How Big is the Risk?
These 5 facts about spear phishing threats in the post-pandemic world illustrate how dangerous this threat is in 2020.
- 91% of incidents that end in a data breach start with a phishing attack
- 65% of cybercrime relies on spear phishing as its primary form of attack
- 88% of organizations experienced a spear phishing attempt in 2019
- Spear phishing has grown by more than 660% since the start of 2020
- A new phishing attack is launched every 39 seconds
Download our NEW eBook “Fresh Phish: How to Not Become the Catch of the Day in the 2020 Phishing Boom” NOW>>
How it Works
A recent spear phishing attempt against customers of Lloyd’s Bank illustrated how the nature of these attacks makes them harder for people to resist. In that scenario, customers received both an email and a text message warning that an unauthorized device had attempted to log in to their accounts. Customers were instructed to go to a special site to reset their password, but it really captured their information and gave cybercriminals access to their accounts.
The email, text message, and website were carefully branded and designed to look like a real communication from Lloyd’s Bank, and the 1 –2 punch of the email and text message fooled some customers into believing the lie. The bank was able to get warnings out about the scam, and the messages contained small errors that set off red flags for vigilant users, but the damage was done.
Most of these attacks are powered by the massive amount of leaked data that’s available on the Dark Web. Cybercriminals can make use of more than just stolen credential and credit card information to fuel cybercrime. You don’t even have to do it yourself: cybercrime as a service is a growing industry.
Personal data about millions of people have been stolen as well from social media breaches and other cyberattacks including passwords that are often shared and information about hobbies, interests, organizations, charities, pets, shopping patterns, and other lifestyle details – and it’s all used for cybercrime.
How to Defend Your Business
Give your staffers the tools and training that they need to be your strongest line of defense against phishing-related threats like ransomware. The power of security awareness training is undeniable – phishing resistance training makes staffers 84% less likely to fall for a phishing scam. Deploy a strong, dynamic phishing resistance training program with BullPhish ID to help your business avoid spear phishing pitfalls and stay safe from cybercrime.
5 Reasons Why You Should Choose BullPhish ID
- Regular security awareness training can reduce your incident risk by up to 70%.
- We add 4 new plug-and-play phishing resistance training kits (including video lessons) to BullPhish ID every month to keep staffers up to date on the latest threats.
- Security awareness training can reduce the impact of a successful cyberattack by more than 70%
- Choose from a library of more than 80 pre-loaded phishing kits, including COVID-19 threat training.
- Easy remote management including online testing enables companies to quickly and accurately find out who needs more help and train accordingly.
Give Phishing the Axe
Fighting back against spear phishing isn’t complicated. State-of-the-art phishing resistance training using BullPhish ID makes sure that your trade secrets and sensitive data are kept safe from bad actors and your people are ready for cybercriminal tricks so you can feel confident that your company is protected from today’s most devastating threats.