Don’t Get Hooked by Phishing Scams



By the end of 2018, the number of data breaches from cyberattacks was down for the first time in more than five years. This left a burning question among business leaders and security professionals alike: Had we finally hit the peak of a decade-long trend of ever-increasing data breaches?

Fast forward to the last quarter of 2019 and we know the answer: No.

As of the end of October – ironically, Cybersecurity Awareness Month – the number of publicly reported data breaches had already passed the 2018 total. What’s more, cyberattacks are now the cause of a little more than half of all data breaches; the other half is almost evenly split between malicious insiders, and humans making mistakes. 

Along with the rise in successful cyberattacks are some new ways of attacking businesses. The BBB National Programs’ >Better Series Podcast recently focused on two of these new attack methods in a discussion with James Ruotolo, a Sr. Director in the Fraud & Security Intelligence business unit of SAS, the world’s largest private software company; and John LaCour, the Chief Technology Officer and Founder of PhishLabs, a company whose products help businesses avoid becoming a victim of a phishing expedition.

Ruotolo outlined a new kind of identity attack known as “synthetic identity” where criminals use real ID information from multiple people to create a new identity for the purpose of committing fraud. “There is research that suggests 20% of what is currently counted as credit loss is actually the result of synthetic identity fraud,” Ruotolo explained. “Yet, some of the traditional methods that we use to stop certain types of fraudulent behavior are not effective with this type of fraud.”

LaCour noted that small and medium businesses are increasingly the target of a form of phishing known as Business Email Compromise (BEC) that rely on highly accurate spoof emails and websites to trick companies into paying fraudulent invoices as directed by an executive. “Some of these financial losses are in the hundreds of thousands of dollars or millions of dollars. BEC fraud is a huge problem.”

If you want to learn more about the how to protect your business from cyberfraud and cyberattacks, listen to the >Better Series episode “When Hackers Go Phishing” with James Ruotolo and John LaCour at the BBB National Program’s Podcast website, on the Apple Podcast app or your favorite streaming platform.