From Amazon’s Prime Day scam to fake websites offering iPhone 11 Pro and tricking people into bogus COVID-19 vaccine sites – the last couple of months have seen a massive spike in phishing attacks. Bad actors have constantly lured users to log onto phishing sites as a way to steal their usernames and passwords. Then there were more targeted and potent phishing attacks, and even seasoned journalists like
Phishing and fraud campaigns are not new and always existed in the history of cyber threats; but the number of incidents is escalating due to the rapid shift to remote work across the enterprise – thanks to the pandemic.
Parminder Kaur, Associate Director, Digital Transformation Practice, Frost & Sullivan, believes that the low volume-high impact phishing attacks seen in recent months are more sophisticated and targeted. “These are difficult to detect compared to mass phishing campaigns, thereby putting individuals and businesses at higher risk,” says Kaur.
One reason is that hackers are increasingly masquerading as legitimate sources and brands. According to a study by Check Point, the most frequently imitated brands by cybercriminals in their attempts to steal victims’ personal information or payment credentials include Microsoft, LinkedIn, Amazon, Google and PayPal among others. In Razdan’s case it was an equally reputed institution like the Harvard University. In most cases, lured with promises of monetary or career gain or threats of financial or physical danger, people are being dodged out of tens of thousands of dollars. Corporations lose even more — tens of millions of dollars.
But are companies ready to face this onslaught?
GV Anand Bhushan, Partner at Shardul Amarchand Mangaldas & Co notes, “While companies in general are taking measures to safeguard themselves from phishing related cyber-attacks, lack of employee training when it comes to cyber-security, skills shortage in the cyber-security industry, and failure to take timely assistance from the Computer Emergency Response Team (CERT-In) in case there is a cybersecurity incident, are some of the challenges companies continue to face. That being the case, while many companies are giving importance to cyber-security, there is still room for additional measures that organizations can adopt from a cyber-security standpoint.”