Phishing is constant, relentless and a perpetually annoying threat for all Information Security professionals. As we move into year-end, it is important to remind your staff that phishing is all about being timely and this is the time of year where we typically see a significant increase in phishing emails specifically targeting finance. With renewals, bonuses, and all of the other year-end activities, it pays to be extra vigilant when it comes to emails that are asking you wire money or change where payments are sent. If you receive an unusual request over email and you are not sure if it is legitimate, you can always forward it to your Information Security or Technical Services team for verification. You can also call the person using a known telephone number to validate that the request was legitimate.
At Intrinium, we are seeing a large increase in targeted (AKA SpearPhishing) attempts where they are sending emails pretending to be key personnel:
It helps to have some technical controls to help defend against this!
How big is the phishing problem?
Over the past 3 years, there has been a 10x increase in terms of incidents reported and the amount of money stolen. The first half of 2018 saw more money stolen through phishing than the previous 3 years combined, and it is only expected to get worse.