“Maltese companies are also falling victim to phishing emails”

Phishing is one of the most ferocious and dangerous threats to your business – regardless of whether you are a large organization, a small business, or something in-between. Hackers use email, social media, phone calls, and any other form of communication to steal data such as passwords, credit cards, or other sensitive information. Of course, businesses are a particularly worthwhile target.

“employees are regarded as the ‘weakest link’ in cyber-security circles”

The most successful phishing attacks often target employees, who are regarded as the ‘weakest link’ in cyber-security circles. These attacks are designed to use a variety of deceptive tactics to try to influence, manipulate, or outright trick an employee into performing a specific task. The goal could be to gain access to vital systems or to get an employee to make large wire transfers to fraudulent accounts. Phishing can be particularly problematic where dozens or even hundreds of employees access emails on company computers and are unaware of phishing tactics.

Falling for phishing schemes that target business emails is among the most costly mistakes employees make. How costly? We were wondering the same. That is why we have taken the time to identify the top phishing attack examples that happened because of a lack of employee awareness.

Facebook and Google, together, were scammed out of more than €91 million between 2013 and 2015 through an elaborate fake invoice scam. A Lithuanian hacker was able to accomplish this feat by sending each company a series of fake invoices whilst impersonating a large Asian-based manufacturer they used as a vendor. The employees transferred funds believing that the invoices were from that manufacturer.

FACC, an Austrian aerospace parts maker, lost €54 million. A hacker posed as the CEO and sent a phishing email to an entry-level accounting employee who transferred funds to an account for a fake project. This kind of situation underscores the importance of having comprehensive and regular cyber security awareness training for employees. This case is a landmark in another way — the company is suing their former CEO and CFO for not doing enough to protect the company from millions in losses. In the ongoing case, the company has alleged that the two leaders “failed to set up adequate internal controls and to meet their obligations of collegial cooperation and supervision.”

Leoni AG, a leading manufacturer of wire and cables, lost €40 million when a finance employee in the company’s Romania office was targeted by a phishing email claiming to be from the company’s senior German executives. This situation is another one of those phishing attack examples that demonstrates the importance of training employees to identify phishing emails.

Maltese companies are also falling victim to phishing emails. We have come across cases where company data has been compromised due to a phishing scam and the breach had to be reported to the Office of the Information and Data Protection Commissioner. Other local cases we have come across targeted employees working in finance departments, who were made to believe that suppliers had requested payments to be wired to a different account number.

Despite all the IT security measures one can take to protect the company from such attacks, the best bet is to invest in employee awareness. After all, employees are regarded as the ‘weakest link’ in cyber-security circles.