Phishing: How Fraudsters Hack Your Companies through Your Employees
Among the many kinds of cybercrime, phishing is the most discussed. Phishing is a classic fraud method that exploits human emotions and relationships. The perpetrators lure victims into handing over their credential information, such as name, address, telephone number, email, OTP code, access to the company’s IT system, and other credential data. With such information, the perpetrators can take over accounts, make financial transactions, steal money, apply for loans, and take other actions that harm the victims. With today’s technological sophistication, phishing is increasingly rampant.
Humans are the loophole in the security system
Phishing attacks on companies have become prevalent. Instead of directly hacking into companies’ security systems (which is risky and expensive), the perpetrators opt to ‘hack’ the companies’ human resources. They bypass the companies’ security systems by exploiting employees as the security loophole. They might impersonate a vendor and email employees asking for an urgent wire transfer. Alternatively, they might send employees scam emails with eye-catching subjects and lure them into clicking a link that turns out to deliver malware. Through the malware, the perpetrators can get access to employees’ devices and steal the companies’ credentials. Therefore, educating employees sufficiently about the phishing threat is an essential part of prevention efforts.
In fact, 83% of company respondents experienced a phishing attack in 2018. According to Global Infosecurity, this percentage represents an increase of 76% compared to the figure in 2017. The victim companies suffered both financial and reputational losses.
What victim companies should do
Prevention is always better than recovering from losses. However, there are times when companies have to face the harsh reality of being hit by a phishing attack. Therefore, companies should prepare countermeasures, including investigation, to minimize the damage and losses as well as to improve the security system.
Investigating cyber fraud requires a lot of resources, labor, and time. One of the challenging parts of an investigation is that the victims, perpetrators, and witnesses could be in different jurisdictions. However, such a case can be resolved if the investigator combines internet research with conventional investigative tools and cooperates with law enforcement in the different jurisdictions. Companies are strongly advised to work with an experienced and professional third party that provides business investigation services to handle a fraud-related case.
Integrity has been trusted by its clients as a provider of risk mitigation and business investigation services – including fraud audits and investigations, theft investigations, asset tracing, skip tracing, and litigation support. Our analysts and investigators are equipped with the skills and experience to conduct business investigations. For more information about business investigations, do not hesitate to contact us.