Skip to main content

Phishing Scams Are Still a Cybersecurity Problem

Cybercriminals are increasingly targeting corporations with their phishing schemes.Learn how to protect your sensitive corporate information from cybertheives.

Phishing scams have been around practically since the Internet and email first emerged on the scene. But now cybercriminals are increasingly turning their attention to corporations as the target of their phishing schemes.

In these scams, cyberthieves try to get employees to divulge sensitive corporate information like passwords, bank account and credit card numbers, and IP addresses. Or they may try to lure them into downloading dangerous viruses that can steal corporate information, destroy or disable computers and networks, or install spyware that can monitor computer activities.

“Fishing” For Information

Unfortunately, phishing still “catches” a surprising number of victims. Increasingly, these include employees who fall for phishing schemes on their work computers and inadvertently divulge sensitive corporate information to cyberthieves. Recent high-profile breaches have companies taking a much harder look at email and how they can protect access to business strategy, personal information and intellectual property.

“Phishing is a numbers game,” explains Cadence Bank Senior Vice President and Information Security Director Laura Buckley, CISSP, CISA, CRISC. “Cyberthieves know the vast majority of people won’t fall for their scam. They’re counting on just a fraction of a percentage of the millions of people who receive their phishing emails to click on a link or download a virus attachment, which inevitably happens.”

Phishing has now infiltrated the corporate world in the form of fake emails supposedly from a company’s CFO that request an urgent wire transfer from employees. “We are now hearing about this on a more frequent basis,” says Buckley. “This makes it critical that corporations instruct employees to always validate internal wire transfer requests just like they do external wire requests.”

Cyberthieves are also using phishing schemes to infect corporate computers and IT systems with malware. When installed on corporate computers, this malware can capture employees’ online banking credentials, which cyberthieves can then use to wipe out corporate bank accounts. Malware can also be used to steal sensitive information for the purposes of corporate espionage and insider trading. And by downloading malware onto merchants’ POS systems, cyberthieves can steal unencrypted credit and debit card information.

More Sophisticated Scams

  • Buckley says that phishing emails are becoming more and more sophisticated and harder to detect. For example, spear phishing is a more targeted form of phishing in which cyberthieves send highly targeted emails to potential victims who they know have a relationship with the brand that’s being hijacked. This often enables them to get past victims’ initial suspicions and convince them to click on bogus links or download viruses disguised as legitimate attachments.
  • Given the increasing sophistication of phishing scams and incredible damage they can cause to corporations, it’s critical that corporations train employees on how to spot phishing emails and what to do when they receive them. “There are usually telltale signs that make it fairly easy to spot phishing emails if employees know what to look for,” says Buckley. These include the following:
  •  Generic greetings — Phishing emails usually include a generic, non-personalized greeting, such as “Dear (Company) Member,” if they have any greeting at all. If you are actually a customer of a business or institution, they will know your real name and personalize the email to you.
  •  A false sense of urgency — Cyberthieves often try to convey an urgent tone in phishing emails and dire consequences if you ignore their warning. An email from a legitimate business or institution probably won’t include such a tone and will ask you to contact them separately from the email itself, such as by phone or by logging into their website independently of the email
  • Suspicious links and URLs — If you look closely at the links in phishing emails you’ll see that cyberthieves have used deception to try to make them look legitimate. For example, they hide the real web address at the end of a long URL. You can check URLs without actually clicking on them by hovering your mouse over the link — the full URL will then be displayed.

Buckley says that businesses and employees should forward any suspicious emails that might be phishing emails to the legitimate organization that is being impersonated. “This includes Cadence Bank if you or your employees receive a phishing email supposedly from us but that clearly isn’t,” she says. Phishing emails should be forwarded to [email protected].

In addition, Cadence Bank is working closely with Phishlabs to fight back against cyberthieves. Whenever a phishing attack is detected, Phishlabs works to shut down the phishing site and report the cybercriminals behind it.

To learn more about phishing scams and how to protect your business, visit Cadence Bank’s Fraud Information Center.

This article is provided as a free service to you and is for general informational purposes only. Cadence Bank makes no representations or warranties as to the accuracy, completeness or timeliness of the content in the article. The article is not intended to provide legal, accounting or tax advice and should not be relied upon for such purposes.

Questions? We are here for you...

To ensure your safety, please do not include sensitive information in your submission.