Something's Phishy: November 2017 Cybercrimes UpdateAuthored by: Jim Stewart, Founder DocuSend, powered by MTI. Posted on Nov 14, 2017
Criminals Make Email a Weapon of Choice:
- ➥ One in 131 emails contains malware, the highest rate in five years.
- ➥ Business Email Compromise (BEC) scams target over 400 businesses a day.
- ➥ In 2016, the most effective bank robbers were armed with computers, not guns; billions of dollars were stolen in virtual attacks using emails.
- ➥ The United States was the biggest—and softest—target. Symantec found 64 percent of Americans are willing to pay a ransom, compared to 34 percent globally.
Why Crooks Make Invoicing a Prime Target
- ➦ Manipulation – An email stating an invoice is attached can provide enough interest for the user to consider opening it.
- ➦ Urgency – The user is concerned there may be penalties involved if a financial document is not addressed expediently.
- ➦ Simplicity in the Request – It’s easy to ask the user to click a link—and then they’re hooked.
- ➦ Drive-By Emails – A particularly dangerous class of cyberattack email is threatening to infect PCs without the user opening an attachment. The user will not even be warned this is happening—the only message that appears is that it's ''loading.'' Malicious software begins downloading the moment the user clicks to open it.
Draw Your Own Conclusions
As we've all seen recently, even the world's biggest tech companies aren't immune to data breaches and cyberattacks. The vast majority of cyberattacks use social engineering, such as phishing, to trick employees into taking actions detrimental to the company. Many large and high-profile breaches have started with successful phishing attacks. A recent report from threat-management provider PhishMe found that 91% of cyberattacks start with a phish, and upping technology-based defenses can't address those kinds of vulnerabilities. Here is a partial list of data breaches that have taken place since January 1, 2017:
E-Sports Entertainment Association (ESEA), Xbox 360 ISO and PSP ISO, Arby’s, Verifone, Dun & Bradstreet, Saks Fifth Avenue, UNC Health Care, America’s JobLink, FAFSA: IRS Data Retrieval Tool, Chipotle, Sabre Hospitality Solutions, Gmail, Bronx Lebanon Hospital Center, Brooks Brothers, Kmart, University of Oklahoma, Washington State University, Deep Root Analytics, Blue Cross Blue Shield / Anthem, California Association of Realtors, Verizon, Equifax, U.S. Securities and Exchange Commission (SEC), Sonic, Yahoo!, Hyatt Hotels.
If the security of organizations like these can be hacked, how challenging would it be to target your database, or that of your clients? That's why more and more companies are thinking twice before sending their sensitive documents through the internet. And one of the safest ways to deliver invoices and statements is the United States Postal Service (USPS).
United States Post Office: Protect Your Business and Your Clients
In 2018, two-thirds of American households are forecast to opt to receive invoices and statements through the mail, many of them stating internet security concerns. Consumers just are not afraid to open a document delivered by the US mail—and with good reason. There are more than 200 federal laws that protect the sanctity of the US mail, and all are aggressively enforced. That’s more than 200 reasons criminals don’t even try to exploit the mail.
To keep up with today’s ever-changing technology, software users and their consumer-based clientele want expanded and optimized delivery and payment channels. They want providers to offer more choices to interact with them. Americans have a passion for better alternatives, and being forced into receiving documents and payment methods they are not comfortable with can result in resentment and disappointment. Especially when it involves their security.
DocuSend certainly provides a rock-solid solution for the document distribution channel. It's as efficient but much more secure as sending an email and it's faster than buying a stamp. It takes a few minutes to upload your PDF file and you're done. Give it a try and find out why we have a 95% customer retention rate.
PhishTank is a free community site where anyone can submit, verify, track and share phishing data.