2018 Study: Canada Ranks Number 1 as a Target for Phishing Scams. Has Anything Changed?

spear-phishing According to the RSA Quarterly Fraud Report for the period between January 1 to March 31, 2018, Canada, the U.S. and India were the top 3 ranked countries most targeted by Phishing.  During that same period, phishing accounted for 48% of all cyber-attacks globally.
If you thought that your Canadian business would never be on the radar for this kind of a cyber attack, think again.  All it takes is one user in your organization to be “phished” which could end up leading to a costly data breach. Recent news reports show that phishing and ransomware attacks are on the rise in Canada. Just two weeks ago, the City of Woodstock suffered a network breach when a virus got into their systems and prevented access to emails and data.  The Woodstock Police Service also experienced a separate attack early Monday morning. The likely cause of the virus was a phishing email.  Most recently, The City of Stratford experienced a similar attack in April and, last week, officials revealed they had paid a hacker the equivalent of $75,000 in Bitcoin. Last summer, both the town of Midland and the town of Wasaga Beach suffered a ransomware attack.  Both of those towns also elected to pay the ransom. Ransomware isn’t the only result of phishing either.  In other cases, the phisher or hacker is looking for privileged access to accounts in an attempt to steal money or data.  Phishing is a costly problem, but one that is solvable. So, what should the average Canadian business do to prevent phishing?  Well-educated and suspicious employees can do wonders for your business’s security. Education is key in preventing phishing. Teach staff how to recognize suspicious emails by looking at headers, or simply highlighting links to show the true domain name.  Often, these links will lead to a site asking for credentials or ask a user to download a trojan horse, which can lead to ransomware being installed on company devices. If a user still isn’t sure if they are reading a legitimate email, teach them that it is OK to call “the sender” just to ensure that the email is really from them.  Anti-Spam software can also help, but it doesn’t always catch everything.  Always ensure your anti-virus and anti-malware programs are up-to-date. Want to teach your staff to be phishing aware.  Contact Uzado now about our phishing awareness training.