• About Us
  • Advertise with Us
  • Contact Us
  • Events
  • Newsletter
  • Podcasts
  • Digital Magazine
  • Home
  • News
  • Opinion
  • Entrepreneurship
  • Self Development
  • Growth
  • Finance
  • Marketing
  • Technology
  • Sustainability
  • About Us
  • Advertise with Us
  • Contact Us
  • Events
  • Newsletter
  • Podcasts
  • Digital Magazine
NZBusiness Magazine

Type and hit Enter to search

Linkedin Facebook Instagram Youtube
  • Home
  • News
  • Opinion
  • Entrepreneurship
  • Self Development
  • Growth
  • Finance
  • Marketing
  • Technology
  • Sustainability
NZBusiness Magazine
  • News
  • Opinion
  • Entrepreneurship
  • Self Development
  • Growth
  • Finance
  • Marketing
  • Technology
  • Sustainability
Technology

Phishing: The growing threat to your business

How clever cybercriminals can take advantage of your busy employees to steal credentials, money, and data – and what you can do to prevent it from happening. It only takes […]

Glenn Baker
Glenn Baker
June 30, 2021 4 Mins Read
688

How clever cybercriminals can take advantage of your busy employees to steal credentials, money, and data – and what you can do to prevent it from happening.

It only takes a matter of minutes for cybercriminals to bait, hook, and catch a phishing victim among your employees and then leverage that success into a broader cyberattack on your business. Unfortunately, this was very much the case with the Waikato DHB cyberattack, with an attachment in a phishing email thought to be the entry point.

The general story goes like this:

  1. Choosing victims: A cybercriminal launches a phishing campaign to either random email recipients (often obtained from a previous data breach) or targeted to a specific company or industry. In this case, an employee of a New Zealand business is randomly targeted with a phishing email.
     
  2. Setting the bait: The employee opens the phishing email and sees a convincing message about a document to be downloaded from a well-known file-sharing application. It’s convincing because the employee uses the application to share documents both within the organisation and externally with company suppliers. The email includes the application’s branding to make it look legitimate. Furthermore, the sender appears to be her boss, which is a technique called ‘spear phishing’, a malicious email that impersonates an individual for the purpose of tricking a recipient into completing a desired action.
     
  3. Hooking the target: The employee is incredibly busy on this day and clicks on the malicious link so they can deal with this latest interruption to their already overflowing schedule. The link takes them to a fake website where they are asked to enter login credentials. They enter them and open the document, which contains hidden malware.   
     
  4. Taking malicious actions: The malware downloads to their device and then rapidly spreads across the business company’s network, allowing the cybercriminal to steal credentials and sensitive data along the way. At some point in the attack, ransom notes begin popping up on employees’ screens and operations come to a halt.

       

Phishing is a bigger threat than ever

According to CERT NZ the biggest cyber security incident category in New Zealand in 2020 was Phishing with reports up 76 percent on 2019, and Phishing and credential harvesting have remained the most reported incident category in from January to March this year.

Anti-Phishing Working Group (APWG) found that roughly 200,000 new phishing sites crop up each month, with campaigns impersonating more than 500 different brands and entities per month. The group’s Phishing Activity Trends Report reveals that the number of phishing attacks doubled throughout 2020. Attacks peaked in October 2020, with a record 225,304 new phishing sites appearing in that month alone.

Interestingly, according to consulting firm Deloitte, 91 percent of all cyberattacks begin with a phishing email to an unsuspecting victim. Phishing campaigns impersonate email and file-sharing service providers, pretend to be vendors or job seekers, pose as financial institutions, and much more to gain login credentials, steal money and data, and hold businesses and their systems and data hostage.   

 

Why phishing still works

We all know to never click on links or open attachments in sketchy emails. Yet, phishing remains a lucrative attack vector for bad actors. That’s because attackers have become more adept at impersonation and taking advantage of our busy work lives. As humans, we’re vulnerable to experiencing momentary lapses in judgment because we’re juggling various applications such as group chats, video conferences, emails, and other intrusions on our focus on normal work tasks. A phishing email that seems to fit within a busy workflow might just slip through in a moment of multitasking. 

 

Data loss is the top impact  

Once a phishing victim has taken the bait, then the malicious actor can do several things:

  • Control the victim’s device using malware.
  • Gain access to account credentials for data or financial theft.
  • Access the victim’s email and contacts to further target company executives or other employees.
  • Spread malware including ransomware to other devices on the same network.
  • Gain access to other company systems, data, or intellectual property.

When a successful phishing campaign turns into a successful cyberattack, the impact to the business can be devastating, including data loss, compromised accounts or credentials, and ransomware attacks, which are rising exponentially across the world and in New Zealand.

 

Protection against phishing attacks 

To protect your business against damage from a successful phishing attack, it’s best to take a multi-pronged approach. First, provide employees with anti-phishing training and information on a regular basis to help them recognise phishing campaigns and avoid becoming victims.

Second, assume that mistakes will still happen and someone within the company will accidently click on a malicious link, open a malicious attachment, or provide login credentials to a fake website. To help limit the damage from a successful phishing attempt, make sure your anti-spam and antivirus software is up to date on employee devices.

Third, secure traffic on your network to further mitigate phishing risk with a Secure Web Gateway that blocks phishing attempts by analysing and blocking bad sites, as well as blocking malicious downloads and known malicious URLs from entering the network.

By following these steps, you and your business can avoid becoming the victim of a phishing campaign.

Story by Katherine Little, Business Security Expert at Avast, a global leader in digital security.

Share Article

Glenn Baker
Follow Me Written By

Glenn Baker

Glenn is a professional writer/editor with 50-plus years’ experience across radio, television and magazine publishing.

Other Articles

5G Telco tower
Previous

Prepare for the data explosion

2021 Women in Wine NZ Mentors
Next

Women in Wine mentoring program helps women flourish

Next
2021 Women in Wine NZ Mentors
June 30, 2021

Women in Wine mentoring program helps women flourish

Previous
June 28, 2021

Prepare for the data explosion

5G Telco tower

Subscribe to our newsletter

NZBusiness Digital Issue – March 2025

READ MORE

The Latest

From redundancy to resilience

May 16, 2025

Episode 16: Bryce Marsden on sustainable impact through education, youth and environment

May 15, 2025

The high cost of leadership neglect

May 14, 2025

Why making Auckland a Tech Hub makes sense

May 14, 2025

Is AI making us happier? Why some Kiwi leaders would trade coffee for Generative AI

May 13, 2025

Step back to move forward – how Kiwi business owners can unlock growth

May 12, 2025

Most Popular

NZBusiness Digital Issue – June 2024
Understanding AI
Navigating economic headwinds: Insights for SME owners
How much AI data is generated every 60 seconds? New report reveals global AI use
Nourishing success: Sam Bridgewater on his entrepreneurship journey with The Pure Food Co

Related Posts

Why making Auckland a Tech Hub makes sense

May 14, 2025

Is AI making us happier? Why some Kiwi leaders would trade coffee for Generative AI

May 13, 2025

Samsung CSP: Leading the way in tech repairs across New Zealand

May 12, 2025

Cyber security in 2025: A guide on how to protect your business

April 22, 2025
NZBusiness Magazine

New Zealand’s leading source for business news, training guides and opinion from small businesses to multi-national corporations.

© Pure 360 Limited.
All Rights Reserved.

Quick Links

  • Advertise with us
  • Magazine issues
  • About us
  • Contact us
  • Privacy policy
  • Sitemap

Categories

  • News
  • Entrepreneurship
  • Growth
  • Finance
  • Education & Development
  • Marketing
  • Technology
  • Sustainability

Follow Us

LinkedIn
Facebook
Instagram
YouTube
  • Home
  • News
  • Opinion
  • Entrepreneurship
  • Self Development
  • Growth
  • Finance
  • Marketing
  • Technology
  • Sustainability