Before adding and sharing your Fraud Alert please check to see if a similar alert has already been posted, thank you:


Phishing: Draining the corporate bottom line

Fraud Alert:

Quick quiz — how many of you have not experienced a phishing attack on your organization in the last month? 

I suspect that there are not many hands up. As you likely know, phishing is a pervasive problem for the corporate world, and the problem is growing. One organization I work with has seen a 400% increase in phishing attacks in just the last year. 

I think most people with some knowledge of the information security world understand the gravity of phishing attacks. The results of a recent study indicated that approximately 93% of phishing messages carry ransomware. On top of that, many seek to collect personal information for later use, a practice known as social engineering. 

What many may not realize is the drain phishing attacks place on the information technology team, particularly the information security organization. For organizations with an operational security function, this involves pulling the message out of mailboxes before most users see it, conducting forensic analysis to understand what each message does, reviewing logs to understand what, if any, impact the message had on the organization, blocking links or attachments, and keeping leadership informed. These efforts can leave a major dent in the bottom line.