Facebook is No. 1!

Email phishing continues to be a large threat vector for small businesses. Today, in a report published by Kaspersky, Facebook scored number 1! Unfortunately, in this case, there is nothing to celebrate since the category of this number 1 spot was phishing attempts. The report noted that in the past 6 months (from April to September) there have been 4.5 million attempts to steal our Facebook credentials.

Coming in second place is WhatsApp with 3.7 million phishing attempts. After that, Amazon with 3.3 million, Apple with 3.1 million, and rounding out the top five was Netflix with 2.7 million phishing emails sent to the masses.

Clearly, email phishing is a successful attack method for cybercriminals and there seems to be no slow-down in sight.

Having your Facebook credentials (username and password) stolen may simply be an inconvenience to some. However, for those who use Facebook for work and/or for advertising, it can cost real dollars. It could also put sensitive corporate data at risk. Businesses should take these attempts to trick their staff into giving up passwords, and possibly other information, seriously.

What Can We Do

Some organizations that do not use Facebook as part of their work simply block the site to shut down the threat. The same is true for other social media platforms and services. Depending on your equipment and network services, websites can be blocked just for certain users, so a website could be open for those who need it and blocked for others.

Setting up multi-factor authentication (MFA), also called two-factor authentication (2FA), is always a smart move. With an extra verification step required, perhaps a text message to your mobile device, attackers who get your password still will not be able to access your account. However, MFA does not make you invincible. It can be hacked too. Besides, since many people use the same password for multiple services, you really don’t want the hackers to have your password even if they don’t get into that particular service.

The very best way to protect your business against phishing and other social engineering tactics is training. Ask your IT Security Provider for information on phishing sims and IT Security training. Ethix IT strongly encourages investing in the training of your ‘human firewall’… a very important part of your overall defenses.

Phishing and other social engineering attacks such as Business Email Compromise (aka CEO fraud) are not going anywhere as long as the attackers are hitting paydirt. Don’t leave it to chance. Take precautions and stay ahead of the curve by implementing controls and training in your office environment.

Stay safe and don’t let the bad guys in!