GSMA real-time intelligence data estimates there are now over 5.15 Billion people worldwide with mobile devices. With over 66% of the world’s population having a mobile device (cell phone, tablet or cellular enabled IoT devices) security is becoming a top priority for both businesses and individuals. Furthermore, as the number of devices continues to increase at record rates, so too do the threats from cybercriminals. One of the biggest threats to devices today is Malware. The McAfee Mobile Threat Report estimates the average person has 60-90 apps installed on their phone. These apps can do anything; online banking, controlling home heating, gaming, and help us work more efficiently. But our love of apps comes at a price. Symantec research found an average of 10,573 malicious apps are blocked each day. Additionally, the research found 1 in 36 mobile devices have high risk apps installed – in other words,  Malware.

What is mobile malware?

Mobile malware targets the operating systems on your phone for the purposes of doing “malicious things”. It includes spyware, adware, drive-by downloads, viruses, trojans, phishing, and browser exploitation. Even if your app isn’t malware, it may be susceptible. Research suggests that 76% of apps have insecure data storage, making them a popular target for cybercriminals.

5 ways your mobile device gets malware

SecurityMetrics highlights the top ways your mobile device gets malware.

  1. Downloading malicious apps – Malicious apps contain spyware or other types of malware designed to cause havoc with your system and steal data. Downloading apps from unfamiliar sources or in some cases even legitimate app stores can give you more than your bargained for.
  2. Ignoring regular operating system updates – We all do it, but the fact of the matter is ignoring regular operating systems updates exposes us to vulnerabilities and puts our devices at risk.
  3. Opening suspicious emails – Opening suspicious emails, and clicking links, or downloading files can guarantee a bad outcome.
  4. Using non-secure Wi-Fi/URLs – Public Wi-Fi and insecure websites increase your exposure to malware. You run the risk of exposing sensitive data transmitted from your device, as well as, being more susceptible to “man-in-the-middle attacks”.
  5. Receiving text message/vmail phishing – Just like in an email no legitimate source is going to ask for personal information about you or your device in a text message or vmail.

5 ways to protect your mobile device from malware

  1. Update, Update, Update – Ensure you keep your operating system and apps up to date with the latest versions of software. This guarantees your device has the latest security patches and critical software updates.
  2. Consider a VPN – A virtual private network (VPN) provides a secure way for you to access and share information over public Wi-Fi networks.
  3. Utilize mobile security software – Mobile security software prevents your phone from being infected with viruses and malware. It is similar to how antivirus software protects your computer.
  4. Download from trusted sources – Download from official app stores and only from reputable app creators (think companies).  Be skeptical of free apps that give you free things.
  5. Train employees – Regularly train your employees on cybersecurity, including mobile device security. Additionally, make sure you have security policies in place that include the use of mobile devices.

Backing up your data to the cloud won’t prevent mobile malware threats, however it ensures your data is protected. Regularly backup all of your important data – Implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

Wondering why you should use cloud backup? Top reasons include technology failure, cost savings, and security. We break it down in this informative infographic!


cloud backup infographic

(View infographic as a PDF)

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

Data is everywhere; it’s like air. And the volume of data companies are accumulating is growing at an exponential rate. It is estimated that by 2020 every human will create 1.7 megabytes of information each second. This works out to more than 2.5 quintillion bytes of data a day. With data accumulating at such a rate, employee data theft is becoming more of an issue for organizations. Quest research found that 90% of organizations believe they’re vulnerable to “insider” theft. We often only hear about external data breaches, but the ramifications of an insider data breach can be just as destructive – if not more.

Alarming stats about employee data theft and loss

  • 27% of data breaches are caused by human error. (IBM)
  • 87% of employees who leave a job take the data they have created with them. (Biscom)
  • 8% of employees leave with data other employees have created. (Biscom)
  • 53% of companies had over 1,000 sensitive files open to every employee. (Varonis)
  • 15% of companies found 1,000,000+ files open to every employee. (Varonis)
  • 55% of security professionals believe privileged IT users or admins are the most dangerous insiders. (Crowd Research Partners)
  • 25%+ of employees say they leave their computer unlocked and unattended. (Shred-it)
  • 1 in 4 executives and 1 in 5 small business owners said that a trusted vendor/partner was the cause of a data breach at their company. (Shred-it)

So what’s driving employees to steal data? In Verizon’s 2018  Data Breach Investigations Report, Verizon found that almost a third of all data breaches were insider jobs, and 75% of these were driven by profit, with ‘pure fun’ another top motivation.

The Verizon 2019 Insider Threat Report outlines the top 5 most common types of malicious insiders (not in any order):

  1. Careless workers
  2. Inside agents
  3. Disgruntled employees
  4. Malicious insiders
  5. Trusted third party’s

Preventing employee data theft

Control access

Limit access to your organizations sensitive data. 75% of employees say they have access to data they shouldn’t. Segregate sensitive or confidential data from your other data and limit access. Also, encrypting sensitive data is a good idea.

Automatically remove access

Create an automatic process for removing employees or vendors access to systems and data when they leave the organization or change roles. First of all, consider access to devices like computers and mobile phones, but also other areas like servers, intranets, business applications (email, ERP, CRM) and SaaS based software. A report from Ostermann Research found 67% of organizations couldn’t be sure they would detect if an employee who left was still accessing corporate resources. Even more alarming is 76% have no way of knowing when third parties such as contractors stop working on an organization’s systems and data.

Monitor systems and behavior

Watch for suspicious network traffic, including large volumes of outbound activity, remote connections or off-hours activity.  Monitor employee behavior including the use of external storage devices, cameras and cellphones.

Password protection

Secure all computers and devices with passwords. Ensure password best practices are followed, including updating passwords when an employee leaves an organization.

Secure network access

Secure network access with a firewall and ensure employees are remotely accessing the network through a Virtual Private Network. Additionally, encrypt and secure your Wi-Fi networks.

Employee education

Train all employees on cybersecurity, proper data handling and storage, and password protection practices. More importantly ensure employees understand the value of data and who owns the data.

Use the cloud

Protect your data by backing it up to the cloud. Backup best practices recommend you to keep 3 copies of data – one primary, two backups (usually 1 is a primary backup and 1 is mirrored on disaster recovery equipment). Implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

Scammers and hackers are constantly coming up with new ways to steal your personal information. These days the mobile phone in your pocket or purse is directly tied to your online identity. Scammers have devised a relatively new way to target that mobile phones – and grab all your personal and banking info –  called SIM swapping.

What is SIM swapping?

SIM cards are the tiny, removable cards found inside your mobile device. These cards are what makes a mobile phone yours. They identify you (as a mobile phone subscriber) and enable you to access your mobile provider’s network. In recent years, criminals have found a way to steal your mobile identity by swapping your SIM card through their own cell phone provider. They convince your carrier to switch your number over to a SIM card they own. This allows them to divert messages, access accounts and complete two-factor authentication. SIM Swapping is a costly problem. In August of 2018, cryptocurrency entrepreneur and investor Michael Terpin Sued AT&T for $200 million in punitive damages for permitting a $23.8 million theft in “SIM Swap” scam.

How SIM swap scams work

  1. Target you – SIM scammers need to obtain some key personal information like your name and phone number to make the scam work. Phishing emails are one way they get you to share your info. They can also find your info online, or via social media sites.
  2. Impersonate you – Once they have gathered enough personal information the SIM scammer calls your cell phone provider or uses the online chat to request a new SIM card in your name.
  3. Become you – Now that the scammer has a new SIM card connected to your phone number they can access all of the services/apps connected to your device – bank accounts, emails, pictures, calls, text messages, and much more.

The worst part of SIM swap scams is victims often don’t even realize they’ve been defrauded.

How to tell if you have been a victim of a SIM swap

MyCrypto and CipherBlade put together a great list outlining a number of ways to tell if you have been SIM swapped. Here are some of the highlights:

  • You receive a call from your phone carriers support when the attacker disconnects in order to try again. Don’t ignore this – they were just talking to someone pretending to be you!
  • Suddenly you have no cell reception and restarting your phone doesn’t fix it.
  • Before you lose your cell service or while on Wi-Fi you receive password reset emails from various services.
  • System notifications appear about account access and requiring you to re-enter your password.

How to protect yourself

While it might be impossible to completely protect yourself from scammers and hackers, you can certainly make it more difficult for them to take advantage of you. Here are some simple steps to start with:

Create a passcode/pin – Used to access your phone for online or phone interactions. Make sure you use a different PIN than other accounts.

Be wary of social media – Social media is a great resource for scammers trying to gain information on you! Make sure you don’t publish your phone number or really any personal information online. Birthdays, pet names, schools, and much more are common identification questions, so don’t make it easy for scammers to find this info.

Create unique passwords and usernames – While it is easier to remember just one username and password, make sure you use different usernames and strong passwords for all sensitive accounts.

Don’t click on suspicious links or email attachments – If a text, email, link, or attachment looks suspicious don’t touch it. Legitimate businesses, like banks, will not send you an email requesting you to disclose personal information.

Update your account details with your mobile provider – Reach out to your mobile provider and ask them to ensure any SIM swapping on your account occurs with you being physically present at one of their retail locations with a government-issued ID.

Regularly backup all of your important data – Implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

It has happened to all of us – a PowerPoint file, graphics file or really any large file that urgently needs to get to people both inside and outside your company. Historically, you were pretty much limited to email, however many organizations and email tools have file size restrictions. If you were sending to someone internal, you would need to post large files on a server and tell them where to find it. Outside of your business you might have to send a DVD, CD, or USB by courier with your large file or files. Today, we have better options, including email clients, browsers, file sharing services and cloud storage. Let’s look at each file sharing solution in detail.

Email clients

Email was and is still is a viable way to send files; however, file size restrictions are the biggest limitation. Additionally, you also need to consider the file size your recipient is able to handle. So while you might be able to send a 50MB file it doesn’t mean the person you are sending it to can receive it. Online email services such as Gmail, iCloud, and have maximum attachment sizes ranging from 20MB for iCloud and to 25MB for Gmail.  If you are over the file size limit you will be directed to their cloud storage services.

There are a variety of email clients used by businesses and similar to the online email services organizations they will set maximum attachment sizes. This helps control bandwidth and storage costs.


Your browser isn’t just for surfing the internet! Firefox provides a quick and easy way for you to share large files with their Firefox Send service. This allows you to share files, up to 1 GB in size, without registering and with end-to-end encryption. You can share files up to 2.5 GB by creating and signing into your Firefox account.

Simply drag and drop or select files from your hard drive to upload. You can easily configure the link to expire after a certain number of days or downloads. Protecting the download link with a password is also an option. You can share you Firefox Send link through emails, social media, chats, or really anyway you want.

File sharing services

In recent years a number of file sharing services have become popular.


The popular file syncing and sharing platform, Dropbox, offers a stand alone file transfer tool. Unlike the typical Dropbox file, when using the file transfer tool, the recipient does not need a Dropbox account to access the file. However, the sender does need an account. Those with the free basic plan can transfer files up to 100 MB, while those on paid plans can transfer 2 GB to 100 GB, depending on the plan. The paid plans also offer the ability to add a password and expiry date for link.  Important to note, unlike the regular Dropbox file changes to the document made by the recipient are not synced back.


WeTransfer provides users with a simple way to send big files around the world. They offer both a free and paid WeTransfer Pro level. Files can be shared with both email and link options. With the free version no login is required and you can send up 2 GB of files that are deleted after 7 days. The Pro level is $12/month but it enables users to send up to 20 GB of files, set expiration dates and add password protection.


Similar to WeTransfer Smash enables users to easily send large files. With Smash there is no limit on files sizes and while there is no registration required an email address is necessary when you upload files. Smash offers both a free option and paid plans. With the free option files are available for 14 days. Their paid options include Premium at $5/month and Team at $12/month, with additional features like password protection and extended file availability. Files can be shared with both email and link options.

Cloud storage

Many popular cloud storage and cloud backup services have file sharing options built right into the product. As mentioned previously, Dropbox offers a Transfer feature for one-off sharing, but their full platform enables both teams and individuals to store, share and securely access files. For fans of Google there is Google Drive. It allows businesses and individuals to store, share and access files from any device. For individuals the first 15 GB are free. Businesses can leverage a pricing model that prices by active users and offers enterprise grade security and management tools. OneDrive and iCloud also offering sharing options, but not at the same level as Google Drive and Dropbox.

Cloud backup services, like Data Deposit Box also offer a file sharing solution. Data Deposit Box users can quickly and easily share (optional password protected) files and folders or folders they have backed up with anyone via email or link.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

Malware threats are on the rise! So how are these viruses, worms, and trojans continuing to infiltrate businesses around the world? We break it down in this informative infographic!

Top 7 Weaknesses Malware Exploits

(View infographic as a PDF)

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

These days virtually every device, app or website requires a password. It is estimated that by 2020, the number of passwords used by humans and machines worldwide will grow to 300 billion. With that many passwords flying around, it’s important to consider some common mistakes and password best practices.

9 common mistakes when creating passwords

The 2019 Verizon Data Breach Investigations Report found that 80% of hacking-related breaches involved weak password credentials. In their 2017 report this data point was 81%, so the lack of change shows how much of an issue weak passwords continue to be. Varonis has found that 65% of companies with 500+ users, never prompt users to change their passwords. It is also estimated that 28% of adults in the US use the same password for all of their online accounts.

Troy Hunt identified some of the worst passwords in version 2 of his Pwnd Passwords. Included in the list were 123456, 123456789, qwerty, password, 111111, 12345678, abc123, password1, 1234567, and 12345. The National Cyber Security Centre in the United Kingdom found in a breach analysis that 23.2 million victim accounts worldwide used 123456 as the password.

CNBC outlines 9 of biggest password mistakes:

  1. Changing passwords too often
  2. Making them too complex
  3. Not screening them against lists of compromised passwords
  4. Recycling the same passwords
  5. Being too familiar (using pet names, birthdates, etc.)
  6. “Remembering” password on a device
  7. Using common, easily hacked characters (123456, qwerty, etc.)
  8. Not password protecting mobile devices
  9. Storing a password list on computer

Password Best Practices

Now we know what not to do! Let’s review recommended best practices for setting and storing passwords.

  • Create a strong password – There are lots of opinions about what makes a strong password. In general, a strong password has a combination of upper and lower case letters, numbers, and characters. Opinions on password length range between from 8 to over 20 characters. Ensure you create a strong password for each account/website/device.
  • Stay away from the obvious – Avoid common passwords like noted above and easily identifiable information.
  • Leverage twofactor authentication –  With two-factor authentication just having your password isn’t enough. This precaution requires a PIN that is sent to you via email, SMS or app, to be entered with the password.
  • Test your password – Make sure your password is up to security standards by running it through an online testing tool. Microsoft’s Safety & Security Center offers a password testing tool that helps individuals and organizations create passwords that are less likely to be hacked.
  • Use a password manager – While people are good at remembering a great many things, relying on the human memory to store important passwords is risky. A password manager stores the unique passwords you have created for every website and will even help come up with passwords. It generally installs as a browser plug-in to handle the capture and replay of passwords. Recently, PCMag reviewed popular password managers for 2019, including Dashlane, Keeper Password Manager & Digital Vault, 1Password and LastPass Premium.
  • Change your passwords – It is tempting to keep using the same password, but changing your password periodically is a good idea. The Better Business Bureau suggests changing passwords every 30 days. However, many security professionals believe changing passwords frequently makes things worse as people have too many passwords to remember and use simpler passwords. Definitely change your passwords when there has been a security incident or cyber attack, unauthorized access, or you have logged into an account on a public computer.

Protect you and your information

Take the following steps to protect yourself and your data:

  • Regularly backup all of your important data at both the organizational and individual level. For instance, implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.
  • Ensure versioning is in place for files, sync and backups. This means saving versions of documents to protect against accidental deletion and for audit purposes
  • Ensure you and your employees are regularly trained on cybersecurity, proper data handling and storage, and password protection practices.

Remember, it only takes 1 weak password to compromise your systems, network and data.  Don’t be a victim, proactively protect your systems, network and invaluable data by implementing these 9 tips of what not to do, and 6 tips on what to do.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

Backing up your data is like insurance. You need to do it so you’re prepared when disaster strikes. From natural disasters to hardware failures to malware, the threats are significant. Seagate reports that 140,000 hard drives fail in the United States each week. Cybersecurity Ventures claims that today, a business falls victim to a ransomware attack every 14 seconds – and this number will increase to every 11 seconds by 2021. CNBC reports natural disasters cost the United States $91 billion in 2018.

Not all backups are equal. Businesses can choose between backing up data to the cloud, or backing up data locally and on-site.

We’re going to shed some light on cloud vs on-site backups, and top considerations when evaluating which option makes sense for your business.

An Overview of Backups

Backup refers to the one way copying of data (folders & files) from one location to another. It’s a snapshot in time, or your data, at that time. Generally, most users and small businesses backup files to external hard drives, servers, or the cloud. Backing up is the most reliable way to protect your data and ensure business continuity when you experience major problems such as hardware failures, viruses, or natural disasters.

Individuals and businesses can either backup their data in the cloud (cloud backup) or locally (on-site).

Cloud Backup 

Cloud based backup services eliminate the need for you to have the necessary infrastructure in your business to backup locally.  This includes local storage hardware like external drives, storage servers (NAS devices), tape, optical storage and related hardware. Data backed up to the cloud is encrypted and transmitted securely over the internet to a data center that houses the hardware on your behalf. Cloud backups come in a few flavors – private, public and hybrid.

Private cloud refers to a network, hardware and storage dedicated to a single organization. It is a costly option for anyone other than a large enterprise.

Public cloud refers to a cloud services provider who supplies the infrastructure and backup service; shared across many individuals and businesses. Public cloud providers provide greater scalability. However, data security is a concern since data is stored outside the organization. Popular public cloud backup services include Data Deposit Box, iDrive, Carbonite, Acronis, AWS Backup, Azure, Google Drive and iCloud.

Hybrid cloud is a mixture of both private and public cloud. Many hybrid cloud scenarios backup the majority of data with a public cloud solution; as it’s more scalable and cost effective. A private cloud may be used for sensitive data that is contractually obligated, or is required by law or regulation, to stay onsite.

On-Site backup overview

On-site backups are typically housed in an office. Data is backed up to devices such as network attached storage, storage servers, and tape. Generally, the backups are stored onsite for a period of time and then archived in secure offsite storage. Often organizations start by backing up to an on-site device, but find the cloud backup services to be a more viable solution because of recovery time, security, and costs.

Research by Clutch predicts 78% of small businesses will back up their data on the cloud by 2020. While the Acronis  2019 World Backup Day Survey found 48.3% of businesses rely exclusively on cloud backups and 26.8% use a combination of cloud and on-premise.

Which Backup Option is Right for You?  Top 3 Considerations for Choosing Cloud vs On-Site Backup

Recovery Time Time is money and the longer it takes to recover your data after a disaster, the higher the financial impact. Recovery time is highly dependent on how you’ve been backing up your data. On-site backups take hours, days, or even weeks to recover, depending on how and where they are stored. With cloud backups recovery time may range from minutes to hours. Only an internet connection is needed to start the recovery process.

Security – Backing up data on-site exposes it to the same risks as your business. Risks include natural disasters, fire, technology failures, and cybersecurity breaches. Cloud backups alleviate some of these issues as data centers are protected by tight security and have redundancy built-in.

Costs – With on-site backups you’re responsible for both the cost and maintenance of the infrastructure required. Costs include software, hardware, personnel, and overhead such as electrical. With a cloud backup solution you’re only responsible for the costs of storage you use. Backup-as-a-Service (BaaS) providers like Data Deposit Box charge a flat rate monthly fee based on the amount of data stored (measured in GB) per month. Additionally, they provide an easy to use calculator to help estimate your monthly storage costs.

When considering which option is right for you, it’s also important to think about the following:

  • Protecting your most valuable asset – data
  • Backup best practices require firms to keep 3 copies of data (one primary, two backups (usually 1 as a primary backup, 1 on mirrored on disaster recovery equipment)
  • Offsite, real time cloud storage of your data is the only true way to protect you against hardware failures, a disaster (flood, fire etc.), and malware

Don’t wait for a disaster or malware to strike. Protect your data!

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

The question isn’t if your business will experience a disaster, it’s when. From hardware failures to natural disasters to cybercrime, the threats to your business are growing in number and severity. Seagate reports that 140,000 hard drives fail in the United States each week. Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 14 seconds by 2019, and every 11 seconds by 2021. CNBC reports natural disasters cost the United States $91 billion in 2018. When your time comes, what impact will downtime have on your business?

The impact is huge

Gartner estimates the average cost of downtime to a business is $5,600/minute or ~ $300,000/hour. With this number in mind, it’s not hard to see that cyber threats have the potential to have a devastating impact on a business. Osterman Research found that 22% of businesses with less than 1,000 employees cease business operations after a ransomware attack. And the impacts aren’t just financial. For businesses that do survive, disasters also negatively impact morale, company reputation, productivity, and customer loyalty.

Is your business ready?

With natural disasters, cybercrime, and technology failures in the news everyday, every business must have a disaster recovery plan, right? A survey of SMEs (small and medium-sized enterprises) by Riverbank IT Management research found that 46% of SMEs don’t have a backup and disaster recovery plan. For those that do have a plan, 23% have never tested it. A 2018 Global Data Risk Report by Varonis found 21% of files in an organization are unprotected. So when disaster does strike, and there’s no plan or protection, if you’re lucky enough to survive, the financial and non-financial cost will be enormous.

The good news? Research from Datto shows that 90% of businesses with a disaster recovery plan fully recover.

Building a disaster recovery plan

A disaster recovery plan outlines the policies and procedures an organization needs to follow should a disaster strike. The objective is to protect the company’s most valuable assets (data, systems etc.), reduce downtime, financial impact, and get the business back online as quickly as possible to minimize impact on employees, customers and the brand. Plans can differ depending on the type of disaster, but the objective is ultimately the same.  There is lots of research and commentary on disaster recovery plans. Here are some of the key elements to consider:

Emergency response plan – Outlines the actions to mitigate damage to people, property and an organizations’ ability to function during a disaster.

Business continuity plan –  Logistical recovery plan used to restore normal business operations and processes in a disaster situation.

Contingency plan –  Often referred to as Plan B, a contingency plan addresses how an organization may respond to a future situation.

Business impact analysis – Process that determines and evaluates the potential impact of an interruption to critical business operations as a result of a disaster or emergency.

Recovery Point Objective (RPO) – Think about how often systems backup. When a disaster strikes and systems go down data can be restored based on the most recent backup. It is important to determine the frequency of backup that makes sense for an individual business. Would restoring data to the previous hours, days, or weeks data be sufficient to get the business live again?

Recovery Time Objective (RTO) – How long can systems be down before data is recovered and business goes back to usual? The RTO may vary by system. For example, it might be determined that an organizations’ Point of Sales (POS) system needs to be recovered in a matter of hours; while, an email system could be down for a day or two.

Communications plan – During a disaster communication is key. Ensure a plan is in place for communicating to employees, customers, partners and even the general public. In the case of a cyber security breach a communications strategy will help reduce the negative impact on the business.

Testing and training – Run drills to test the effectiveness of disaster recovery plans. Drills provide a great opportunity to tweak plans before a real disaster strikes. Ensure employees are informed about disaster recovery plans and trained on processes regularly.

Backup data – Regularly backup all of your important data at both the organizational and individual level. This ensures minimal disruption during a disaster. For instance, implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

Phishing gets lots of media attention; however, for many it is a bit of a mystery. What is phishing? Are there different types of phishing? How can you prevent a phishing attack? Let’s investigate each of these areas in detail.

What is phishing?

Wikipedia describes phishing as a fraudulent attempt to obtain sensitive information, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication. Attackers will spoof their email address to appear like someone else, set up fake websites, and disguise website URLs. It is becoming harder to figure out who and what you can trust. Avanan’s 2019 Global Phish Report found that 1 in every 99 emails and 1 in 25 branded emails is a phishing attack. Microsoft and Amazon are the most popular brands used in phishing emails. Additionally, 30% of phishing emails slip through security programs, so the threat is significant.

Phishing campaigns have two primary objectives:

  1. Obtain sensitive information – Phishing emails often seek to get you to reveal important information, such as your username or password. This gives the attacker the necessary info to access a system or account. It is very common for messages to appear like they are from your bank, credit card company, or a number of other places you would expect to be reputable.
  2. Distribute malware – The emails that aren’t stealing your credentials are trying to infect your computer with malware hidden in attachments (you can read more about malware in our blog here). Often these .zip files or Microsoft Office documents will appear to be something you are expecting, but in reality it is malicious code. In 2017, it was estimated that 93% of phishing emails contained ransomware attachments.

Types of phishing

There are a few different types of phishing. However, the one thing they all have in common is the fraudulent attempt to obtain sensitive information. Major categories of phishing are:

Spear phishing – Attackers craft a message targeted at a specific individual. Social media sites are often used to identify the target and gather information for the attack.

Whaling – Similar to spear phishing, but the target is a high-value person. The target is generally a person with power, a CEO, senior executive or board member, at a large organization.

Clone phishing – Attackers clone a legitimate previously delivered email and replace the links and/or attachments with malicious code. Clicking the links or opening the attachments enables the attacker to take control of your system and send additional malicious emails masquerading as you.

Phone phishing – Similar to email phishing, the caller claims to be a trustworthy entity like a bank or the government. They try to scare you with a problem that must be cleared up immediately. Their objective is to access account information or have you pay out money.

SMS phishing – These attacks are carried out by SMS text. The text message contains a malicious link that enables the attacker to obtain sensitive information.

Identifying and preventing a phishing attack

The harsh reality is that at some point virtually everyone and every organization will experience a phishing attack. The cost of phishing is significant. In 2018, the FBI’s Internet Crime Complaint Center reported that companies around the globe lost $12.0 billion due to business e-mails being compromised. The cost goes beyond just dollars and cents. Phishing attacks lead to decreased productivity, loss of confidential data, and damage to company reputation. Deloitte reports that 1 in 3 consumers will drop a company like a hot potato after they experience a cyber security breach.

However, there are steps you can take to reduce your chances of becoming a phishing victim.

  • Trust your gut – If something seems too good to be true, then it likely is. Be suspicious, not trusting. Legitimate organizations will never send emails asking you to provide personal information over the web. A quick Google search with the subject or text from a suspicious email will often identify if it is a known phishing scam.
  • Double check URLs – Before you click or enter personal information double check URLs. It is very common for a link in an email to say one thing but the URL is totally different. Mouseover a link first to see if it is legitimate.
  • Look for URL redirects – Make sure you are going to the URL you expect and not a different website with a virtually identical design.
  • Don’t trust urgent/scary emails – Attackers are generally trying to create a sense of urgency or fear. Question emails that are telling you to “Act Now” or “Pay Now”. According to KnowBe4 in Q1 of 2019 35% of phishing emails started with the subject line – “Password check required immediately.”
  • Watch for questionable attachments – Attachments are one of the most common ways to distribute malware. If it looks even remotely suspicious don’t trust it.
  • Don’t share personal info on social media – Avoid sharing personal information such as your birthday, phone number, or address on any publicly accessible social media platforms.
  • Educate, educate, educate – Knowledge is understanding. Regular training on new threats and what to look for are key to preventing a phishing attack.
  • Protect your data – Regularly backup all of your important data at both the organizational and individual level. For instance, implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days