The FBI says businesses in the United States lost more than $246 million to spear phishing attacks in 2015, dwarfing the losses from any other kind of attack, including phishing, ransomware, and credit card fraud.
The most costly attacks aim to trick executives or other employees with access to the firm's financial resources aka money. The emails are designed to fool the target into transferring money–often tens or hundreds of thousands of dollars–to the bad guys. The messages are often disguised and look like they come from your CEO or CFO and often have spoofed email addresses, headers, and all of the signature and other details an authentic email would have. Many times, the emails will ask the victim to transfer money as part of some new acquisition or supplier relationship, which doesn’t exist.
This trick cost Platte County in the Kansas City area $48,000
Bad guys already have your info
Even if you've never been phished, the bad guys have your info. How? Well, we all know at least one person who's been phished. If the attackers send email to the address book, they likely copied all the contact info as well. These giant lists of personal information sell on the dark web for a lot of money.
2 Step Verification is too easy not to do!
It's only one click! This week 2 Step Verification can leverage a prompt, like the one below, that will pop up on your phone. One of the best ways to protect the organization from becoming more exposed to these attacks is to keep the bad guys out. Company employees will be exposed the most in a direct attack. These phishing attacks expose the address book and likely a full list of company employee contact information. The more intelligence the bad guys have, the more likely you'll be targeted for additional attacks.
Users can now choose any of several 2-Step Verification options in the Sign-in & Security > Signing in to Google > 2-Step Verification section of My Account.