The Colonial Pipeline ransomware incident in May 2021 illustrates just how cunning cyberattacks can be. It all began when an employee received an email that looked totally legitimate but turned out to be a trap. When they clicked on a link in that email, it secretly installed malicious software on their computer. This software locked up important files and demanded a massive $4.4 million ransom to unlock them.
The attack’s complexity highlights how tricky modern cyber threats can be. The hackers used an employee’s exposed VPN password to get in. The email they sent looked so real that it fooled the employee into thinking it was from a trusted source, like the IT department. Inside the email was a dangerous link that, once clicked, allowed the hackers to take over the employee’s computer. They used this access to lock down Colonial Pipeline’s computer systems and demand a huge ransom.
This incident is a clear reminder of the serious risks posed by phishing attacks. By staying vigilant and following best practices, such as being cautious with emails from unknown sources, verifying links, and keeping your software up to date, you can protect yourself from these threats. Please report suspected phishing incidents to IET immediately by calling the Help Desk at 77354 or forward suspicious emails to helpdesk@virginiawestern.edu. By doing so, you can keep your personal and work-related information safe from potential harm. Stay alert, stay secure!
Here are some interesting statistics about phishing incidents:
- Spear phishing–a targeted attack where emails from a seemingly trusted source are used to steal sensitive information–accounts for 66% of all breaches despite comprising only 0.1% of email-based attacks.
Source: StationX - Yahoo is the most impersonated brand in phishing attempts, with 20% of all phishing attempts claiming to be from Yahoo.
Source: Expert Insights - Google blocks approximately 100 million phishing emails every day.
Source: AAG IT Support - The average cost of a ransomware attack, often initiated by a phishing email, is estimated at around $1.5 million for enterprises.
Source: StationX - Phishing attacks have reached their highest level since 2020, with nearly 1.3 million phishing sites reported in Q3 2022.
Source: PixelPrivacy