It is no surprise where cyberattacks are focused: it was recently reported that about 45% of IT security decision makers are worried about “phishing attacks, and employees clicking on links within email which download malware and email attachments which download malware.” In April 2015 Osterman Research issued its “Best Practices for Dealing with Phishing and Next-Generation Malware,” which opened with these terrible stories about two law firms:
An attorney in the greater San Diego area opened an attachment in a phishing email that he thought was sent to him by the US Postal Service. The attachment installed malware on his computer, and shortly thereafter he found that $289,000 had been transferred from his firm’s account to a bank in China.
A law firm in Charlotte, NC transferred $387,000 to a bank in Virginia Beach, VA after it closed a deal. Shortly thereafter, cybercriminals transferred most of this amount to the law firm’s bank in Charlotte, which transferred the funds to a bank in New York and then to a bank in Moscow. The victim organization believes it had been infected with keystroke logging software from a phishing email that captured all of the critical information necessary to initiate the wire transfer.
Of course, the advice in Osterman’s report is not limited to lawyers; these phishing and malware scams affect all industries. Here are 3 of the 8 key takeaways:
Without question these cyberattacks will not abate anytime soon, so every employer should be training employees continuously.