Phishing used to be an exotic threat, but that was years ago when\u00a0malicious worms dominated the arena. Much has changed since then, and today phishing routinely hits hard \u2013 especially businesses. How does it affect them?<\/p>\n
What do they want?<\/strong><\/p>\n Well, there are many ways, but there\u2019s a single purpose: to steal something. Usually it\u2019s data \u2013 preferably\u00a0financial data and credentials. Phishing is the ultimate kind of social engineering attack. Most of the original attacks leveraging \u201cweaknesses in human interfaces\u201d were one-on-one attacks \u2013 effective, but not scalable. Phishing gives the criminals scale and the ability to go after hundreds or thousands of users \u2013 all at once.<\/p>\n How #phishing affects businesses<\/p>Tweet<\/a><\/blockquote>\n Cybercriminals create fake emails and websites\u2014meant to look like a popular online resource (a social network, online banking services, or online games \u2013 the latter are drawing more and more interest from criminals<\/a>) and use various social engineering methods \u2013 i.e. all kinds of possible trickery<\/a> \u2013 to lure users to the website and make them fill out forms with their personal data. And if users do it, they\u2019ve got them.<\/p>\n For years<\/a>,\u00a0phishers increasingly attacked financial services, reaching for the other people\u2019s and businesses\u2019 money, and as we reported last year, phishing in general is undergoing a sort of \u201ccommercialization\u201d: tools to commit crime are bought and sold actively, while, as our survey found<\/a>, \u201cthe effectiveness of phishing, combined with its profitability for criminals and the simplicity of the process, has led to a steadily rising number of these types of incidents.\u201d<\/p>\n Trends continued in 2014. Take a look at our new study<\/a> and updated numbers on the evolution of phishing, and financial damage it inflicts.<\/em><\/p>\n Business-gotcha<\/strong><\/p>\n Of course, commercial companies are more interesting targets, but to reach the corporate funds criminals have to phish-up certain employees, preferably high-level ones. Ideally, attackers would take on accounting\/financial officers \u2013 i.e. go the shortest route. But it\u2019s not always possible, so they just throw the net waiting hoping that someone gets caught.<\/p>\n To reach the corporate funds criminals have to #phish-up employees first.<\/p>Tweet<\/a><\/blockquote>\n