FraudWatch International Blog


Case Study: Retail Industry Threatened by… Phishing

Phishing remains one of the biggest cyber-threats criminals use to reach a company’s most valuable asset: its clients. Black hats continue to send phishing campaigns to steal consumers’ details, and this rings especially true for the retail industry.

Spear phishing (or CEO impersonation) is another popular tactic amongst hackers: by targeting bigger fish, criminals hope for a larger payday.

Phishing Case Study: Popular Supermarket

In the retail industry, companies often do not require their customers to log in to a portal, leading cyber-criminals to craft advanced phishing attacks.

For example, one of our clients was targeted through a fake ‘Customer satisfaction’ survey. The targeted individuals were promised a monetary reward for filling in a simple survey. Once the victims had answered all the survey questions, they were asked to submit their credit card details in order to receive the credit. Of course, the victims never received the promised reward, but had their credit card details stolen, with which criminals could then access their funds.

These attacks were detected through our feeds and taken down extremely quickly. The benefit of taking these attacks down so quickly is that the majority of consumers who fall for these attacks and click on the links won't be taken through to the phishing site. Consumers can't fall victim to a site that doesn't exist!

Spear Phishing Case Study: Popular Household Hardware Chain

The spear-phishing attempts that FraudWatch International sees targeting the retail industry are very similar to those seen within other industries.

A fake domain name is registered that closely resembles the targeted brand’s legitimate domain. This domain is then used to send emails to specific staff members within the targeted organisation, purporting to be from their CEO. The spear-phishing emails contain the names of the targeted individuals, showing that the cyber-criminals have done their research on the organisation. They also frequently target a handful of high-risk targets: typically, members of the finance team or someone with access to important information.

Fortunately, in the majority of cases that we see, the recipients of these emails do not fall victim to the attacks and immediately forward the emails to our team for action. These attacks remain a major risk for organisations around the globe. The sophisticated and targeted nature of spear-phishing attacks means that employees are much more likely to fall for them than for regular phishing attacks.

Our team responds to attacks by investigating the headers of the spear-phishing emails to find the server from which the attack originates. Our experts then take appropriate measures to have the domain suspended and the mail server stopped: this ensures that the email address and mail server can no longer be used to send malicious emails. In case anyone did fall victim to the attack, our quick action ensured that the criminal would not be able to receive any replies from the victims.
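The two checks described above (a sender domain that closely resembles the legitimate one, and the originating server recorded in the headers) can be sketched as follows. This is an added example, not FraudWatch International's own tooling; the domains, addresses and message are constructed, and the `triage` and `edit_distance` helpers are hypothetical names.

```python
import email
import re
from email.utils import parseaddr

LEGIT_DOMAIN = "hardwarechain.example"  # assumption: the protected brand's real domain

# Constructed sample message (not a real email); the newest Received header comes first.
SAMPLE = """\
Received: from mx.hardwarechain.example (mx.hardwarechain.example [198.51.100.10])
\tby mail.hardwarechain.example with ESMTP; Mon, 1 Jan 2024 09:00:05 +0000
Received: from sender.hardwarecha1n.example (unknown [203.0.113.45])
\tby mx.hardwarechain.example with ESMTP; Mon, 1 Jan 2024 09:00:03 +0000
From: "Chief Executive" <ceo@hardwarecha1n.example>
To: accounts@hardwarechain.example
Subject: Urgent payment

Please process the attached invoice today.
"""

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def triage(raw, legit=LEGIT_DOMAIN, max_distance=2):
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    distance = edit_distance(from_domain, legit)
    # Each relay prepends its own Received header, so the last one is the earliest hop.
    # Only hops written by your own mail servers are trustworthy; older ones can be forged.
    hops = msg.get_all("Received") or []
    earliest = " ".join(hops[-1].split()) if hops else ""
    m = re.search(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\)", earliest)
    return {
        "from_domain": from_domain,
        "lookalike": 0 < distance <= max_distance,  # close to, but not, the real domain
        "origin_host": m.group(1) if m else None,
        "origin_ip": m.group(2) if m else None,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The origin address taken from the hop your own mail exchanger recorded is the value to include in an abuse report to the hosting provider, alongside the lookalike domain for the registrar.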

How to Protect Your Own Business from Phishing

Having an efficient anti-phishing solution to protect your business, customers, partners and brand reputation is no longer optional. Contact us today to get a quote from the experts of the cyber-security industry: it’s our core business!
