1 in 4 Companies is at Risk of a Phishing-Related Data Breach

Workers are more plugged in than ever as the rise of remote and hybrid work has created an extremely email-dependent business world. More than half of all remote workers rely on email as their primary form of communication. At the same time, we’ve seen a historic increase in both phishing and data breach risk for the past two years, spawning an email security problem that impacts every business. An estimated one in four businesses had an email security breach in 2020, and one-third of these email security breaches can be traced to phishing.  

The relationship between phishing and a data breach has been apparent for years. A solid 90% of incidents that end in a data breach start with a phishing email. This is reflected in the  Verizon Data Breach Investigations Report 2021 (DBIR). Once again, phishing takes the crown as the top data breach threat that organizations face. This is the third year in a row that phishing has topped the chart, beating out insider acts, malware, and even human error. But it doesn’t stop there – phishing that directly caused a data breach increased by 10% in 2020 and that’s a substantial jump. The risk of phishing causing a data breach is so severe that the phishing category still tops the DBIR list even without the inclusion of ransomware, which has grown into such a behemoth that it’s earned its own category.  

Clues That You Might Be Looking at a Phishing Email:

Does the sender’s email address match the company they’re claiming to represent?   

Pay careful attention to the spelling of the company’s name to be sure it is correct. An official email will come from a company’s official domain.  

Is the subject line misspelled or weird?  

A seriously misspelled or poorly worded subject line. is a hallmark of phishing. Also, proceed with caution if the subject line is full of emojis and if the subject line uses an unusual format or font.  

Does it have an attachment?  

Over 90% of phishing emails use an attachment to deliver their malware payload. Don’t open an attachment that you’re not expecting, even if it looks like it’s from a sender that you can trust.  

Is it instructing you to take an action like reset your password? 

Carefully consider the links that a message asks you to click to see if they’re going to the company’s actual domain. Fraudulent password reset requests are a staple of phishing. 

Does the email say it’s from a major company but look unusual?  

Beware of branded email messages that don’t quite match up to the messages that you usually receive from that company. Email cloning or spoofing is a classic phishing technique 

Is the message strangely formatted with logos or colors that aren’t quite right? 

This is the place where it’s easiest to see that something is amiss. If the content of the message has blatant spelling, grammar or usage errors It’s probably not legitimate. The same goes for other body elements like logos, layouts, colors, headers, footers or fonts.  

Is the email about a hot topic like COVID-19?   

Cybercriminals have flooded inboxes with pandemic-related scams, and they’re still going strong. Google estimates it blocks 18 million COVID-19 scam emails a day from its 1.5 billion users.  

Does anything at all about the email seem off to you?   

Stop interacting with any message that doesn’t pass the smell test and contact an IT administrator immediately. Even if it’s legitimate, you’re always better safe than sorry.

Source: ID Agent