Stemming the tide: how to protect your business from rising phishing attacks

As businesses seek to harness the digital transformation brought about by Covid-19, the fast, secure transfer of critical consumer data remains key to driving results.

However, this data continues to be targeted by online fraudsters – with increasing sophistication and success. If the global pandemic has become bait for phishing attacks, what further steps need to be taken to safeguard digital business?

A perfect storm?

A surge in remote working, with its heightened risk from insecure devices, has allowed scammers to exploit both weak links in the security chain and public uncertainty. This leaves organizations vulnerable to online fraud, with severe repercussions for their reputation and operational efficiency. Current research paints an alarming picture: the average annual cost of a phishing scam in 2021 for a 9,600-employee organization has hit $14.8 million. This trend is mirrored in the UK, where analysis of Action Fraud figures shows a worrying 33% rise in reports of fraud between April 2020 and April 2021, causing an overall loss of more than £2.3 billion.

For fraudsters, customer data is the prize. Account usernames, passwords and other sensitive data can be swiftly stolen with the aim of generating bogus charges or extracting funds. While fake emails are the most pervasive means, the con can take many forms – a call, link, or text – all under the guise of a legitimate interface, posing as a known brand. Using the pandemic as an opportunity, scammers have been using increasingly sophisticated, inventive means of exploiting consumers’ fears and vulnerabilities. The recent spike in fraudulent emails purporting to be from high street banks’ fraud departments is a timely case in point. The victims, already concerned about their financial security in the wake of Covid-19, are redirected to bogus sites and then lured into disclosing confidential information, in extreme cases unwittingly handing over their entire life savings.

While the pandemic’s peak may be over, the phishing threat is here to stay – and is constantly evolving. Criminals have expanded their prey to cover sectors as far-reaching as social media, retail, logistics, travel, cryptocurrency, cloud storage, file hosting, and gaming. Cybersecurity threats lurk both outside and inside businesses – from supply chain risks to rogue employees, emboldened by the ‘new normal’ of working away from direct employer supervision.

A strategic, holistic approach

How can businesses manage both the complexity of the current operating environment and the diverse, ever-growing cyber threat of the post-Covid landscape? A robust, expertise-driven approach is needed: one that delivers stringent protections without compromising the ‘anywhere, anytime’ seamless transfer of information that customers value. In the right hands, rigorous cyber security improvements can coexist with the hyperconnectivity needed to serve more imaginative applications in complex environments.

Technology providers with expertise in brand protection have the means to identify anomalies and shut down fraudulent sites fast. Using data analysis and intelligence, these experts can pinpoint specific issues and get under the skin of an attack in versatile ways. For example, thorough analysis of a scammer’s infrastructure and data from phish kits – the HTML package from which the phishing site is created – can expose clues and help identify the individual behind the attack. Likewise, the continual monitoring of content, hostnames, or URLs to distinguish between normal and rogue activity is often best outsourced to experts who have the time and the know-how to approach these operations in a proactive, in-depth manner, ensuring swift intervention before an attack takes place.

Once suspicious activity is confirmed, preventative action must be swift and precise. Brand protection experts can alert a network of ISPs, domain registrars and email and hosting providers to block consumer access within minutes of detection, thereby stamping out the threat before any damage is done.

Although technology is key to preventing phishing attacks, the human touch must not be overlooked. A holistic approach to brand protection is a must for businesses who value their customers’ trust and loyalty. Education and human input must work in tandem, especially in instances where foul play can be harder to determine. Therefore, the onus is on the business to instill a culture of vigilance and awareness into the employee mindset, shifting away from the passivity that opens them up to rogue communication.

With the growth in online fraud showing no sign of abating post-pandemic, it is more important than ever for businesses to stay one step ahead of the scammers. A combination of data-driven insight and human vigilance is necessary to cover all bases, allowing businesses and customers to step forwards confidently with the knowledge that their sensitive data is safer and more secure.

About the Author

Stefanie Ellis is AntiFraud Product & Marketing Director at OpSec Security. OpSec Security is the global leader in protecting, authenticating, and enhancing our customers’ brands, services and revenues. OpSec delivers a comprehensive suite of end-to-end solutions, including advanced physical security technologies, supply chain track and trace services, and online/e-commerce monitoring and analysis.