Phishing: How fraudsters hack your companies through your employees


Phishing: How fraudsters hack your companies through your employees

Among many cases of cybercrime, a case involving phishing is most discussed. Phishing is a classic fraud method that is conducted by exploiting humans’ emotions and relationships. The perpetrators lure victims to hand over their credential information, such as name, address, telephone number, email, OTP code, access to the company’s IT system, and other credential data. With such information, the perpetrators can take over accounts, make financial transactions, steal money, apply for loans, and other actions that can harm the victims. With today’s technological sophistication, phishing is increasingly rampant.

Human is the loophole in the security system

Phishing attack on companies has been prevalent. Instead of directly hacking into companies’ security systems ( which is risky and expensive), the perpetrators opt to ‘hack’ the companies’ human resources. They can bypass companies’ security systems by exploiting employees through security loopholes. They might impersonate vendors and ask for urgent wire transfers by sending emails to employees. Alternatively, they might send employees scam emails with eye-catching subjects and lure them to click a link inside which turns out to bring malware. Through the malware, the perpetrators can get access to employees’ devices and steal the companies’ credentials. Therefore, giving sufficient education to employees about phishing threats is essential as part of prevention efforts.

In fact, 83% of company respondents experienced a phishing attack in 2018. According to Global Infosecurity, this percentage represents an increase of 76% compared to the figure in 2017. The victim companies indeed suffered from financial and reputation losses.

What victim companies should do?

Conducting prevention efforts is always better than recovering from losses. However, there is a time when companies have to face the harsh reality of being attacked by phishing. Therefore, companies should prepare the countermeasure actions including investigation, to minimize the damage and losses as well as to improve the security system.

Investigating cyber fraud requires a lot of resources, labor, and time. One of the challenging parts of the investigation is the victims, perpetrators, and witnesses could be in different jurisdictions. However, such a case can be resolved if the investigator uses a combination of internet research, and conventional investigative tools, and cooperates with law enforcement in different jurisdictions. Companies are strongly advised to work with experienced and professional third-party carrying out business investigation services to handle a fraud-related case.

Integrity has been trusted by its clients as a provider of risk mitigation and business investigation services – including fraud audits and investigations, theft investigations, asset tracing, skip tracing, and litigation support. Our analysts and our investigators are personnel who are equipped with skills and experiences in conducting business investigations. For more information about business investigations, do not hesitate to contact us.


Read More:

Richard Branson: Fraudsters Impersonating Me in Attempts to Take Your Personal Information

Google Calendar Phishing, the Latest Breakthrough of Scam



Share this post:



Jl. RS. Fatmawati Raya No. 57-B, Cilandak Barat, Jakarta 12430, Indonesia







Get the latest updates and industry insights

    Copyright – INTEGRITY – All Rights Reserved © 2024 – Privacy Notice | Terms of Services | Content Protection by