Unless you live under a rock, almost everyone knows to be extra cautious on April Fools’ Day. Still, though, many of us fall as prey to a prank every year. With over 4.3 billion users in March of 2019 alone, the internet is an unlimited library for creative prank planning, making it more challenging to see a mischievous trick coming at you until you're already an April Fool.
This beloved holiday has been celebrated for centuries and although many argue over the origin, until modern times, the standard prank was all the same no matter who played it. Back in the 1500s, it is documented that the classic prankster would attach a paper fish on a young, gullible target the French called a “Poisson D’Avril” (April Fish) meaning someone who is an “easily caught fish”.
The Purple Guys IT Support, it’s April Fools’ Day every day. We’re on an intense lookout 24/7, all year round to prevent malicious pranks we that call 'cyber attacks'. We devote our efforts to the heroes in our communities, the local small and mid-sized businesses, which unfortunately are usually the more susceptible and gullible targets for email phishing. At the most basic level, email phishing attempts appear to be from legitimate contacts or companies that lure gullible email users into clicking spam links or downloading infected attachments in order to gain access to financial or confidential information.
Small and mid-sized businesses usually have a smaller security budget and therefore, a higher chance that their employees are not well trained on the latest Cybersecurity practices. A hacker’s chances for success are considerably high according to data from the recent release of the 2019 Symantec Internet Security Threat Report stating that a whopping 54.6% of the emails the average user receives per day is spam. That means the average email user is dodging a bullet with every other email they receive.
A modern-day, every day Phishing Fool looks like your average employee, untrained to spot phishing attacks and receives a version of the following emails:
- A seemingly legitimate offer appearing to be from a well-known brand like Amazon offering a $50 Amazon Giftcard if they fill out a survey. With some excitement for a tempting Free Gift, the employee clicks through and BAM! they’ve just been infiltrated. You might as well stick a fish on their back.
- An email from A bank, financial institution, or subscription account requesting that the recipient logs in to update their information immediately. Let’s say that email is targeted to an employee with access to the banking account for your business. They follow through with the update of financial data, and there goes the farm.
- A direct, spear phishing attempt where instead of preying on a larger volume of people, the hacker uses a more calculated approach that also usually invokes urgency and uses scare tactics. Through a little bit of research, the hacker targets a person or small group of people in a small to mid-sized business. An email goes out masked as the CEO containing a spam attachment that the employee needs to download immediately and Wham-Bam! Their computer and possibly your entire network including customer data was just breached and infected with malware.
Had any one of the Phishing Fools that have fallen victim to these common attacks been trained to spot phishing attempts, they could have seen red flags and likely prevented a breach.
What's the cost of an email phishing breach?
Hacking is not an expensive hobby anymore, it only takes a little bit of time and a few hundred dollars to get enough pieces of information needed to prepare a substantial breach attempt. However, it is very expensive to a small and mid-sized business, with 60% of small businesses closing shop within 6 months of a cyber-attack.
Downtime of your productivity from any technology issue is always frustrating but have you ever calculated the cost? According to Datto, IT downtime from an email phishing attack that resulted in ransomware costs a small business on average $8,500. For mid-sized businesses, the average cost from a phishing attack is $1.6 million says Cofense’s PhishMe Report.
Today, it is critical to place a high priority on cybersecurity training for your employees. Unfortunately, the stakes are too high and the hackers are getting more resourceful and creative every day. Don’t let your people be Phishing Fools and learn more about how to train your employees to spot phishing attempts before your business is on the hook.
For the entire month of April, The Purple Guys are offering a Free Dark Web Scan and Cybersecurity Assessment to small and mid-sized businesses located near our offices in the Greater Kansas City and St. Louis areas.
To get yours, call now or email firstname.lastname@example.org with the subject line “No More Phishing” and include your company domain(s) you would like scanned to find out if any emails associated with your company have been breached. We will also provide you with tips, tools, and training information to ensure your business is actively protecting against cyber-attacks.