May 11th, 2017.

It doesn’t matter whether your company has a strong security and password policy, or if it has enabled two-factor authentication (2FA) on employees’ accounts. All of this can be sidestepped by exploiting the basic weakness in email.

According to a recent report by corporate investigations and risk consulting firm Kroll, UK businesses are the second biggest victims of cyber crime in the world, with 92% of executives saying they had experienced an attack or information loss in the last year.

Phishing is one of the most common types of cyber attack, with 30% of phishing emails getting opened, according to Verizon’s Data Breach Investigations Report. It’s the easiest way to hijack accounts – as happened to Hillary Clinton’s election campaign chairman John Podesta last year.

Even tech giants like Facebook and Google aren’t immune. Last month it emerged that the two companies were conned out of more than $100 million (£77m) each in an elaborate phishing scam involving forged email addresses and fake invoices from suppliers.

It’s straightforward and relatively easy to steal someone’s online identity: with just a few lines of code, it’s possible to ‘borrow’ email addresses and create malicious emails that appear genuine.

Crucially, these scams do not involve hacking or password theft. A basic understanding of web protocols and simple tools such as telnet, plus the name of the individual being impersonated (usually found on LinkedIn), is enough for the attack to be successful.

The full story is at informationage.com.