toggle accessibility mode
phishing email

Going Phishing: Malware and It’s Role in Data Breaches

By John DiGiacomo

Malware is a malicious type of software code that plays a significant role in data security breaches. Malware is typically deployed through a phishing email message scam. This involves an unsuspecting victim receiving an email message from a fraudulent source, a victim clicks on a nefarious link or opens an attachment of the email that contains the malware. Malware can cause all kinds of problems. For instance:

  • Malware can be used to expose and exploit vulnerabilities in a system. It can create a back door allowing hackers access to the compromised system. A back door enables a hacker to circumvent normal authentication mechanisms when accessing a computer system.
  • It can be used to log a user’s keystrokes, which reveals personal or sensitive information. This might include a user’s login information, passwords, and personal identifying information.
  • Malware can be used to steal financial, banking, and credit and debit card account information.
  • Malware can eat up space in a computer’s memory, slowing down the system’s processing speed.

Some of the most massive data breaches to date were the result of a phishing email scam. In the Target data security breach that occurred in 2013, thousands of Target customers had their credit card information exposed. A third-party vendor was compromised by a phishing scam that granted hackers access to Target’s credit card processing network. When Sony Pictures Entertainment’s computer systems were compromised in 2014, the cybersecurity breach was a result of an employee falling victim to a phishing email attack.

Phishing Scams and the Dissemination of Malware

In 2016, phishing scam emails were the leading way that computers were infected with malware, according to Verizon’s 2016 Data Breach Investigation Report. Remarkably, 30% of phishing emails were opened. The victims in 13% of cases opened an attachment to the phishing email or clicked on a link contained in the phishing email. Doing either of these actions allows the malware to gain access to the victim’s computer.

Why Do People Fall for Phishing Email Scams?

Why do so many people open phishing emails despite an ever-growing increase in awareness? Sometimes it is difficult for a victim to know whether an email they receive is legitimate or not. Some phishing emails are clearly scams, which recipients can detect straight away because they do not recognize the sender, the email is littered with misspelled words and incorrect grammar, or the subject line is a dead giveaway. On the other hand, some phishing emails might look very legitimate. They are complete with convincing logos, signature blocks, and authentic looking sender email addresses.

When phishing scam emails appear to be from a person or business that the victim knows, it is referred to as spear phishing due to the targeted nature of the attack. Phishing scams are most successful when the email looks so good or legitimate to the recipient that he or she is tricked into opening it. Spear phishing emails seem personal or familiar, and that is why people open them thinking that the message was sent from a trusted source.  

Talk to a Data Breach Lawyer

Cybersecurity is always changing. As soon as new protections are developed to help curb cyber attacks, new threats are created. If your business has been involved in a data security breach because one of your employees opened a phishing email, you will need to take steps to manage the aftermath of your company’s exposure according to notification laws. You need the data breach experts from Revision Legal in your corner today. Contact us using the form on this page or call us at 855-473-8474.

Image credit to Flickr user Integrity KY.

Put Revision Legal on your side