Going Phishing: Malware and It’s Role in Data Breaches featured image

Going Phishing: Malware and It’s Role in Data Breaches

by John DiGiacomo

Partner

Data Breach

Malware is a malicious type of software code that plays a significant role in data security breaches. Malware is typically deployed through a phishing email message scam. This involves an unsuspecting victim receiving an email message from a fraudulent source, a victim clicks on a nefarious link or opens an attachment of the email that contains the malware. Malware can cause all kinds of problems. For instance:

  • Malware can be used to expose and exploit vulnerabilities in a system. It can create a back door allowing hackers access to the compromised system. A back door enables a hacker to circumvent normal authentication mechanisms when accessing a computer system.
  • It can be used to log a user’s keystrokes, which reveals personal or sensitive information. This might include a user’s login information, passwords, and personal identifying information.
  • Malware can be used to steal financial, banking, and credit and debit card account information.
  • Malware can eat up space in a computer’s memory, slowing down the system’s processing speed.

Some of the most massive data breaches to date were the result of a phishing email scam. In the Target data security breach that occurred in 2013, thousands of Target customers had their credit card information exposed. A third-party vendor was compromised by a phishing scam that granted hackers access to Target’s credit card processing network. When Sony Pictures Entertainment’s computer systems were compromised in 2014, the cybersecurity breach was a result of an employee falling victim to a phishing email attack.

Phishing Scams and the Dissemination of Malware

In 2016, phishing scam emails were the leading way that computers were infected with malware, according to Verizon’s 2016 Data Breach Investigation Report. Remarkably, 30% of phishing emails were opened. The victims in 13% of cases opened an attachment to the phishing email or clicked on a link contained in the phishing email. Doing either of these actions allows the malware to gain access to the victim’s computer.

Why Do People Fall for Phishing Email Scams?

Why do so many people open phishing emails despite an ever-growing increase in awareness? Sometimes it is difficult for a victim to know whether an email they receive is legitimate or not. Some phishing emails are clearly scams, which recipients can detect straight away because they do not recognize the sender, the email is littered with misspelled words and incorrect grammar, or the subject line is a dead giveaway. On the other hand, some phishing emails might look very legitimate. They are complete with convincing logos, signature blocks, and authentic looking sender email addresses.

When phishing scam emails appear to be from a person or business that the victim knows, it is referred to as spear phishing due to the targeted nature of the attack. Phishing scams are most successful when the email looks so good or legitimate to the recipient that he or she is tricked into opening it. Spear phishing emails seem personal or familiar, and that is why people open them thinking that the message was sent from a trusted source.  

Talk to a Data Breach Lawyer

Cybersecurity is always changing. As soon as new protections are developed to help curb cyber attacks, new threats are created. If your business has been involved in a data security breach because one of your employees opened a phishing email, you will need to take steps to manage the aftermath of your company’s exposure according to notification laws. You need the data breach experts from Revision Legal in your corner today. Contact us using the form on this page or call us at 855-473-8474.

Image credit to Flickr user Integrity KY.

Extra, Extra!
Recent Posts

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Copyright

The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]

Read more about Does the AI-Copyright Legal Fight Represent a National Security Threat?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Corporate

The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]

Read more about How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Status on Social Media Moderation Statutes and Cases

Status on Social Media Moderation Statutes and Cases

Internet Law

Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]

Read more about Status on Social Media Moderation Statutes and Cases

Put Revision Legal on your side

Let's Discuss Your Case