Phishing Scams Will Explode in 2020--Take Preventative Action Now Before Your Company is Attacked

Phishing Scams Set to Overwhelm Companies in 2020. Is Your Company Ready and Capable of Stopping Damaging Security Breaches Due to Widespread Phishing Attacks?

Preventing 2020 Phishing Scams Means Taking Action Now

Adam Mahoney, an IT professional with Network Outsource in New York City with a specialization in the education market recently shared a story from one of his connections in the NYC education community.

Sam L. works for a financial aid department overseeing one of the largest universities in the U.S. He receives hundreds of emails daily from financial aid staff, students and general university staff. One day, Sam receives an email with the subject line: "Employee Action Needed: IT Department Notice". The email informed him of a potential threat to the university's server that required him to reset his email password by clicking on a link. Everything about the email looked perfectly legitimate to Sam.

Sam reset his password according to the instructions provided. In less than one minute, Sam had unknowingly allowed sophisticated hackers to infiltrate the university's financial aid department system. Hours later, hackers had stolen social security and credit card numbers. Within days, students began reporting ID thefts, unauthorized purchases and cash withdrawal charges to their credit cards.

Why Phishing is the Most Successful Internet Scam in HIstory

Studies show just how successful phishing scams can be even among people who are knowledgable about phishing emails. Keith Marchiano, with Kyocera Intelligence in Baltimore, shares a story from Baltimore's University of Maryland, researchers delivered phishing emails to nearly 500 students to discover susceptibility rates. Thes fake emails claimed to threaten users with the cancellation of accounts, bill students for unpaid fees and entice students with cash rewards. The study found that 59 percent of students targeted by phishing emails clicked on the link within the email. What made this study especially interesting is that the students who fell for the phishing scams "identified themselves as knowing what phishing is and what to look for in suspicious emails"!

Another phishing research study involved six health care institutions that sent 95 different phishing campaigns comprised of hundreds of thousands of emails over the course of several months. More than 14 percent of recipients clicked on the link included in the phishing emails. However, the study notes that informing recipients they were tricked by simulated emails as soon as they clicked phishing links resulted in "decreased odds" of that recipient clicking on another simulated email. This suggests companies might consider simulating phishing attacks to bring awareness to employees of potential breaches.

Phishing Nightmares for Companies Will Continue into 2020

In addition to educating employees about phishing scams, company executives can start taking aggressive action against phishing attacks by implementing the following strategies:

1. Use two-factor/two-step authentication for signing in with passwords. Once an employee authenticates, a verification code is sent to their phone
2. Ensure software is as update as possible. Unaddressed software vulnerabilities are easily exploited by phishing attacks
3. Secure browsers by running an HTTPS extension
4. Install reputable anti-virus software
5. Consider utilizing blockchain infrastructure to prevent phishing attacks. Blockchain relies on distributed databases to secure information instead of storing information in one location. Companies with such decentralized databases can adequately address unique security concerns involving password confirmation devices

Preventing phishing attacks should be the #1 goal of medium and large businesses in 2020. In fact, hackers may be planning to target your company right now so don't wait until the damage is already done.

This article does not necessarily reflect the opinions of the editors or management of EconoTimes.