Conversations around the topic of cybercrime, particularly phishing, have increased significantly in recent years. Rightfully so, as statistics show that 75 percent of global organisations experienced some form of phishing attack in 2020.
Whether you have personally fallen victim to a phishing attack or have read about it in the news, the fact stands – phishing attacks are on the rise and the consequences can be devastating. Organisations in the private sector, as well as public sector bodies, should therefore ensure that they are well-informed and protected against these attacks.
Simply defined, phishing is a type of social engineering that uses deception to steal personal information or sensitive data from people. This information is then used to commit identity theft, make unauthorised purchases or steal funds from an organisation and its customers.
Email phishing is by far the most common type of phishing, as it accounts for 96 percent of globally recorded phishing attacks. During the attack, scammers impersonate an organisation by sending fraudulent email messages from the organisation’s domain. The goal is to use these disguised email messages to trick recipients into downloading an attachment or clicking on a malicious link. This can either lead to malware being installed onto the recipient’s computer, which freezes the system, or result in the recipient unknowingly sharing sensitive information such as their banking details, passwords or login credentials.
When scammers hack into an organisation’s email domain and impersonate it, email receivers are less likely to question the credibility of the fraudulent message, as they believe it came from a reputable source.
Blackmail phishing is another popular attack that scammers use to target organisations and manipulate them into paying financial incentives. In 2019, the City of Johannesburg fell victim to this type of attack. During the attack, hackers managed to breach the municipality’s network and successfully gained access to its information systems. A ransom note was left for the municipality, demanding that 4 bitcoins (approximately R435,000 at the time) be paid into the hacker’s bank account. Ignoring the request would result in the uploading of passwords and sensitive financial and personal information onto the Internet.
Last year, the Mimecast State of Email Security report indicated that 53 percent of South African organisations reported an increase in phishing attacks from 2019. Despite the frequency of phishing attacks happening around us, most organisations continue to implement little to no network security, leaving information systems vulnerable and open to hackers. The consequences of this include reputational damage, financial loss and placing customers’ personal information at risk.
These risks can be avoided by ensuring that your organisation or municipality’s network and email domain are protected with a DMARC compliant tool.
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication and reporting protocol, which allows email senders and receivers to determine whether an email message is legitimately from the sender, and what to do if it isn’t. It will thus alert both your organisation and its email receivers when an outside source attempts to impersonate your domain and send fraudulent messages.
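The "what to do if it isn’t" part of DMARC is published by the domain owner as a DNS TXT record at `_dmarc.<domain>`. The following added example (not InzaloSend code and not from the original article) parses such a record and flags settings that leave a domain only monitored rather than protected; the tag names follow the DMARC specification (RFC 7489), and the sample records and the `example.org` addresses are constructed.

```python
"""Added example: read a DMARC TXT record and report how receivers are asked to treat failing mail."""

VALID_POLICIES = ("none", "quarantine", "reject")  # ordered weakest to strongest

def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict; raise ValueError if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or not txt.strip().lower().startswith("v="):
        raise ValueError("not a DMARC record (v=DMARC1 must come first)")
    if tags.get("p", "").lower() not in VALID_POLICIES:
        raise ValueError("missing or invalid p= policy")
    return tags

def assess(txt):
    """Return (policy, findings) for one record; an empty findings list means no weakness flagged."""
    tags = parse_dmarc(txt)
    policy = tags["p"].lower()
    findings = []
    if policy == "none":
        findings.append("p=none: monitoring only; receivers are not asked to quarantine or reject")
    pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    if policy != "none" and pct < 100:
        findings.append(f"pct={pct}: policy applies to only part of the failing mail")
    if "rua" not in tags:
        findings.append("no rua=: the domain owner receives no aggregate reports")
    sp = tags.get("sp", policy).lower()  # subdomain policy defaults to p=
    if VALID_POLICIES.index(sp) < VALID_POLICIES.index(policy):
        findings.append(f"sp={sp}: subdomains are less protected than the main domain")
    return policy, findings

# Constructed sample records for the placeholder domain example.org
WEAK = "v=DMARC1; p=none"
STRONG = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc-reports@example.org"

if __name__ == "__main__":
    for record in (WEAK, STRONG):
        policy, findings = assess(record)
        print(policy, findings or ["no findings"])
```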
DMARC compliance has become a critical requirement for municipalities and government organisations to safeguard all data and prevent financial and reputational loss. InzaloSend is the ideal DMARC compliance software that achieves complete protection from email phishing and impersonation attacks.
If your municipality is interested in learning more, contact us about our InzaloSend product or sign up for an Inzalo EMS DMarc Webinar here.
Inzalo EMS is a government-centric technologies company based in Centurion, Gauteng. We focus on current leading technologies and public policies to incite technology innovation in the municipal space. Learn more at www.inzaloems.co.za.