A single phishing email can cost an SME half a million reais

Information Security Week newsletter about large companies that have suffered losses from phishing.

If large companies, which have professionals and financial resources to invest in security, are victims of phishing, imagine SMEs, which need to optimize spending and almost never treat security as a priority.

According to new research from German security firm HSB, US small businesses are reporting an increase in suspicious emails. And the main problem is that employees are taking the bait by falling for these phishing schemes and transferring tens of thousands of dollars of company funds to fraudulent accounts without realizing it.

According to the survey, more than a third (37%) of businesses received an email from someone pretending to be a manager, director or supplier requesting payments.

And amazingly, almost half of the employees who received these emails (47%) responded by transferring company funds, causing losses in the range of US$50,000 to US$100,000, more than half a million reais at the current exchange rate.

This scam is quite convincing because in many cases, cybercriminals gain access to business email accounts and impersonate company managers.

cybersecurity practices before placing an order via email. Don’t just trust what the email says, call the person and confirm that the payment is legitimate before transferring the money.” said Timothy Zeilman, vice president of HSB.

This is Brazil!

I know the survey refers to US companies. But Brazil is the country that receives the most phishing attacks worldwide. According to research by Axur, a Brazilian internet risk monitoring company, in the first quarter of 2020 Brazil broke a new record in the number of attacks.

We often receive examples of phishing emails from customers. These messages are used in scams that try to steal access to email accounts, bank access details, credit card details and others. See below some recent examples.

Examples of Phishing

The first example is an email with the subject “Note:: Email will be Blocked. exceeded storage limit…”.

One of the main characteristics of phishing emails is spelling errors and out-of-context phrases.

Now, pay attention to the page and address to which the user is redirected when they click on the “Login” button.

This page is a copy simulating Locaweb's webmail and hosted on Elasticbeanstalk. The inattentive user can enter their access data and their account will be used by criminals.
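The mismatch described above, a message that claims to come from one brand while its button leads to a host on generic cloud hosting, can be checked automatically. The following is an added example, not code from Lumiun or from the original post; the brand domain list, the hosting suffix list and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for illustration: domains treated as legitimate for the brand,
# and hosting suffixes under which anyone can publish a page.
BRAND_DOMAINS = {"locaweb": ("locaweb.com.br",)}
SHARED_HOSTING = ("elasticbeanstalk.com",)

# Constructed sample body (not the real message from the post).
SAMPLE = (
    "<p>Note:: Email will be Blocked. exceeded storage limit</p>"
    '<a href="http://webmail-example.us-east-1.elasticbeanstalk.com/login">Login</a>'
    '<a href="https://www.locaweb.com.br/">Help</a>'
)


class LinkCollector(HTMLParser):
    """Collects the href of every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def under(host, domain):
    """True only for the domain itself or a real subdomain (not a lookalike)."""
    return host == domain or host.endswith("." + domain)


def suspicious_links(html_body, claimed_brand):
    """Return (host, reasons) for each link outside the claimed brand's domains."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href in parser.hrefs:
        host = urlsplit(href).hostname or ""
        if not host or any(under(host, d) for d in BRAND_DOMAINS[claimed_brand]):
            continue
        reasons = ["host outside brand domains"]
        if any(under(host, s) for s in SHARED_HOSTING):
            reasons.append("shared cloud hosting")
        findings.append((host, reasons))
    return findings
```

Matching on the parsed hostname rather than searching the URL string for the brand name is what stops a lookalike such as `locaweb.com.br.example.net` from passing.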

Now see the example below where criminals try to simulate an email from Banco do Brasil, informing that the device's security has expired and it is necessary to update it by clicking on the link.

After clicking on the link, the user is redirected to the page in the image below.

Incredible isn't it!? This scam certainly caused many victims!

How to keep your office safe from fraud

Lumiun serves small and medium-sized companies throughout Brazil, providing internet access control, without the need for technical knowledge. All office equipment is protected and employees are more productive by blocking websites outside the scope of work.

See in this video how a phishing attack works, and how Lumiun comes into action to protect your company:

Access the website www.lumiun.com, request a demonstration or consult the plans and prices to make your office safer and more productive quickly and easily.
