According to Russian security firm Group-IB, a cyber criminal gang stole $25.7 million (£17.8 million) from Russian banks in 13 attacks conducted between August 2015 and February 2016.
Buhtrap – as the gang has been called by Group-IB – used spear phishing emails to send infected Word documents to financial institutions. When opened, these documents downloaded malware that ultimately enabled the attackers to create fraudulent transfer orders so that the bank would unknowingly send money to accounts that the criminals controlled.
The threat of phishing
Banks aren’t the only institutions that are susceptible to phishing attacks. Whatever your line of business, phishing is a threat you need to take seriously: if one of your employees mistakenly opens a phishing email, your entire corporate network could be put at risk. This is why it is so important to ensure that your staff understand the threat that phishing poses and can recognise phishing emails.
If you’re concerned about your staff’s susceptibility to phishing attacks, you may be interested in the following:
- IT Governance’s Cyber Security and Phishing Staff Awareness Course will enable you and your team to understand how cyber criminals operate, how they plan and execute their phishing campaigns, and how to spot and avoid phishing tactics.
- Our Employee Phishing Vulnerability Assessment will identify potential vulnerabilities among your employees and provide recommendations to improve your security, giving you a broad understanding of how you are at risk and what you need to do to address these risks.